17 October 2017
Find out more

Russian hacker pleads guilty over $500m Citadel malware

23 March 2017  |  8006 views  |  0 Computer virus

A Russian hacker accused of helping to develop and maintain the notorious Citadel malware toolkit, which was used to steal more than $500 million from bank accounts, faces up to 10 years in a US prison after pleading guilty to computer fraud.

Having been extradited from Norway in December, this week Mark Vartanyan (who went by the online handle 'Kolypto') pleaded guilty in an Atlanta court. He will be sentenced in June.

According to US authorities, the Citadel toolkit first began circulating for sale on Russian language forums in 2011. Crooks bought the malware and used it to exploit the computer networks of financial and government institutions, including in the US.

Over the years, Citadel infected approximately 11 million computers worldwide and is responsible for over $500 million in losses, says the Department of Justice.

For two years from 2012, while living in Ukraine and then Norway, Vartanyan engaged in the "development, improvement, maintenance and distribution" of Citadel. During these periods, he allegedly uploaded numerous electronic files that consisted of Citadel malware, components, updates and patches, as well as customer information.

Vartanyan is the second defendant charged in connection with an ongoing investigation of the Citadel malware. In 2015, Dimitry Belorossov was sentenced to four years, six months in prison following his guilty plea for conspiring to commit computer fraud for distributing and installing the malware onto victim computers.

Separately, a Lithuanian man has been arrested over a phishing scheme that saw him allegedly trick two multinational internet companies into wiring over $100 million to bank accounts he controlled.

Evaldas Rimasauskas is accused by US authorities of posing as an Asian-based computer hardware manufacturer to get a "multinational technology company and a multinational online social media company" to wire him the money.

He tricked the firms by registering and incorporating a company in Latvia that had the same name as the Asian firm - which both victims did business with. He then opened bank accounts linked to his firm and sent emails to the victims pretending to be from the Asian firm, asking for payments to the bank accounts he controlled.

The scam went on for at least two years before Rimasauskas was arrested last week in Lithuania. He has been charged by the US with one count of wire fraud and three counts of money laundering, each of which carries a maximum sentence of 20 years in prison, and one count of aggravated identity theft.

New research from security firm Proofpoint suggests that business email compromise attacks are on the rise, up 45% in the last three months of 2016, with manufacturing, retail and technology the sectors most targeted.

"Seventy-five percent of our customers were hit with at least one attempted BEC attack in the last three months of 2016 — and it only takes one to cause significant damage," says Ryan Kalember, SVP, cybersecurity strategy, Proofpoint.

Comments: (0)

Comment on this story (membership required)

Finextra news in your inbox

For Finextra's free daily newsletter, breaking news flashes and weekly jobs board: sign up now

Related stories

Kaspersky records uptick in financial phishing and banking malware

Kaspersky records uptick in financial phishing and banking malware

24 February 2017  |  8982 views  |  0 comments | 6 tweets | 9 linkedin
Polish bank malware targets IP addresses in 31 countries - Symantec

Polish bank malware targets IP addresses in 31 countries - Symantec

13 February 2017  |  8990 views  |  0 comments | 14 tweets | 10 linkedin
Russia arrests malware gang suspects

Russia arrests malware gang suspects

10 February 2017  |  6251 views  |  0 comments | 6 tweets | 7 linkedin
Authorities swoop on $200m carding forum; Microsoft hits Citadel botnet

Authorities swoop on $200m carding forum; Microsoft hits Citadel botnet

06 June 2013  |  11189 views  |  0 comments | 1 tweets | 4 linkedin

Related blogs

Create a blog about this story (membership required)
visit www.innotribe.comvisit www.vasco.com

Top topics

Most viewed Most shared
Ripple looks to drive bank adoption with $300m XRP rebate programmeRipple looks to drive bank adoption with $...
14917 views comments | 12 tweets | 4 linkedin
Swift positive on blockchain, but big challenges remainSwift positive on blockchain, but big chal...
8194 views comments | 15 tweets | 21 linkedin
hands typing furiouslyHow artificial intelligence can deliver a...
7547 views 0 | 7 tweets | 9 linkedin
satelliteGates Foundation backs Ripple collaboratio...
6829 views comments | 13 tweets | 7 linkedin
IBM uses blockchain to improve cross-border payments processingIBM uses blockchain to improve cross-borde...
6158 views comments | 8 tweets | 16 linkedin

Featured job

Competitive base + commission + benefits
Denmark, Finland, Iceland, Norway or Sweden

Find your next job