A Russian man pleaded guilty on Tuesday to conspiracy charges in a federal court in Atlanta for developing and distributing the banking malware 'SpyEye', which has infected more than 1.4 million computers worldwide since 2009.
Aleksandr Andreevich Panin, a 24-year-old programmer also known as Gribodemon and Harderman, was the main author of 'SpyEye', a sophisticated piece of malware designed to steal people's identities and financial information, including online banking credentials, credit card information, user names, passwords and PINs for their bank accounts, without their knowledge.
SpyEye secretly infects the victim's computer and hands remote control to the cybercriminals, who access the infected machine through command and control servers and steal the victim's personal and financial information through a variety of techniques, including web injects, keystroke loggers, and credit card grabbers.
Between 2009 and 2011, Panin conspired with Hamza Bendelladj to market and advertise the SpyEye malware on various online forums. He sold versions of the SpyEye virus to almost 150 clients for prices ranging from $1,000 to $8,500, and one of his clients, "Soldier," is reported to have made over $3.2 million in a six-month period using it.
SpyEye is a ready-made malware toolkit that cybercriminals have used since 2009 and still use today. Industry estimates put the number of bank accounts compromised by SpyEye infections in 2013 alone at over 10,000.
The case is being investigated by Special Agents of the Federal Bureau of Investigation (FBI), who stated: "This investigation highlights the importance of the FBI's focus on the top echelon of cyber criminals," adding that "The FBI will continue working with partners domestically and internationally to combat cybercrime."
In February 2011, the FBI searched and seized a SpyEye command and control server, allegedly operated by Hamza Bendelladj in Georgia, that controlled over 200 computers infected with the SpyEye virus and contained information from numerous financial institutions.
In July 2011, FBI agents communicated directly with Panin and purchased a version of SpyEye that contained features designed to steal confidential financial information, initiate fraudulent online banking transactions, install keystroke loggers, and launch distributed denial of service (DDoS) attacks from computers infected with the SpyEye malware.
In January 2013, Hamza Bendelladj, an Algerian national who was also indicted in the case, was arrested in Thailand. The case against him is still pending. Panin was arrested in July 2013 while passing through Hartsfield-Jackson Atlanta International Airport in Atlanta, for allegedly using the Web to scam various banks.