23 May 2017
Book a meeting today

Russian hacker pleads guilty over $500m Citadel malware

23 March 2017  |  7384 views  |  0 Computer virus

A Russian hacker accused of helping to develop and maintain the notorious Citadel malware toolkit, which was used to steal more than $500 million from bank accounts, faces up to 10 years in a US prison after pleading guilty to computer fraud.

Having been extradited from Norway in December, this week Mark Vartanyan (who went by the online handle 'Kolypto') pleaded guilty in an Atlanta court. He will be sentenced in June.

According to US authorities, the Citadel toolkit first began circulating for sale on Russian language forums in 2011. Crooks bought the malware and used it to exploit the computer networks of financial and government institutions, including in the US.

Over the years, Citadel infected approximately 11 million computers worldwide and is responsible for over $500 million in losses, says the Department of Justice.

For two years from 2012, while living in Ukraine and then Norway, Vartanyan engaged in the "development, improvement, maintenance and distribution" of Citadel. During these periods, he allegedly uploaded numerous electronic files that consisted of Citadel malware, components, updates and patches, as well as customer information.

Vartanyan is the second defendant charged in connection with an ongoing investigation of the Citadel malware. In 2015, Dimitry Belorossov was sentenced to four years, six months in prison following his guilty plea for conspiring to commit computer fraud for distributing and installing the malware onto victim computers.

Separately, a Lithuanian man has been arrested over a phishing scheme that saw him allegedly trick two multinational internet companies into wiring over $100 million to bank accounts he controlled.

Evaldas Rimasauskas is accused by US authorities of posing as an Asian-based computer hardware manufacturer to get a "multinational technology company and a multinational online social media company" to wire him the money.

He tricked the firms by registering and incorporating a company in Latvia that had the same name as the Asian firm - which both victims did business with. He then opened bank accounts linked to his firm and sent emails to the victims pretending to be from the Asian firm, asking for payments to the bank accounts he controlled.

The scam went on for at least two years before Rimasauskas was arrested last week in Lithuania. He has been charged by the US with one count of wire fraud and three counts of money laundering, each of which carries a maximum sentence of 20 years in prison, and one count of aggravated identity theft.

New research from security firm Proofpoint suggests that business email compromise attacks are on the rise, up 45% in the last three months of 2016, with manufacturing, retail and technology the sectors most targeted.

"Seventy-five percent of our customers were hit with at least one attempted BEC attack in the last three months of 2016 — and it only takes one to cause significant damage," says Ryan Kalember, SVP, cybersecurity strategy, Proofpoint.

Comments: (0)

Comment on this story (membership required)

Finextra news in your inbox

For Finextra's free daily newsletter, breaking news flashes and weekly jobs board: sign up now

Related stories

Kaspersky records uptick in financial phishing and banking malware

Kaspersky records uptick in financial phishing and banking malware

24 February 2017  |  8051 views  |  0 comments | 6 tweets | 9 linkedin
Polish bank malware targets IP addresses in 31 countries - Symantec

Polish bank malware targets IP addresses in 31 countries - Symantec

13 February 2017  |  8069 views  |  0 comments | 14 tweets | 10 linkedin
Russia arrests malware gang suspects

Russia arrests malware gang suspects

10 February 2017  |  5728 views  |  0 comments | 6 tweets | 7 linkedin
Authorities swoop on $200m carding forum; Microsoft hits Citadel botnet

Authorities swoop on $200m carding forum; Microsoft hits Citadel botnet

06 June 2013  |  10969 views  |  0 comments | 1 tweets | 4 linkedin

Related blogs

Create a blog about this story (membership required)
visit www.response.ncr.comvisit www.events.sap.comvisit www.niceactimize.com

Top topics

Most viewed Most shared
European banks lobby Commission to push ahead with screen scraping banEuropean banks lobby Commission to push ah...
8811 views comments | 29 tweets | 35 linkedin
Time for data-driven banking to come of ageTime for data-driven banking to come of ag...
8674 views comments | 28 tweets | 35 linkedin
Google and PayPal partner for mobile shopping by fingerprintGoogle and PayPal partner for mobile shopp...
8571 views comments | 27 tweets | 27 linkedin
Banks must get on AI bandwagon now – new Finextra researchBanks must get on AI bandwagon now – new F...
8359 views comments | 22 tweets | 31 linkedin
Twins fool HSBC voice biometrics - BBCTwins fool HSBC voice biometrics - BBC
8290 views comments | 19 tweets | 24 linkedin

Featured job

Six Figure Base + Commission + Stock Options
London

Find your next job