Russian developer of banking trojan that stole more than £400m faces lengthy stint in American jail
The Russian mastermind of the Citadel Trojan, which infected approximately 11 million computers around the world, has pleaded guilty to one count of computer fraud in an Atlanta courtroom.
Mark Vartanyan, 29, otherwise known as Kolypto, developed and distributed the notorious Citadel Trojan, which was used by criminal gangs to steal bank account data and hold files to ransom.
Vartanyan faces up to 10 years in prison, and a fine of $250,000, as well as “full restitution, due and payable immediately, to all victims of the offense(s)”, and “forfeiture of any and all proceeds from the commission of the offense”.
Vartanyan had been extradited from Norway in December to the United States.
According to US prosecutors the malware he created whilst living in Ukraine and Norway infected about 11 million computers worldwide.
Citadel was a malware toolkit designed to infect computer systems and steal financial account credentials and personally identifiable information from victim computer networks.
The malware was active from 2011, and was offered for sale on invite-only, Russian-language internet forums frequented by cybercriminals. According to US authorities, the criminals using Citadel targeted and exploited the computer networks of major financial and government institutions around the world.
They cited industry estimates as saying that Citadel was responsible for over $500 million (£399m) in losses.
Vartanyan pleaded guilty to one count of computer fraud, in a court in Atlanta, after he uploaded “numerous electronic files” for the Citadel malware.
But it should be noted that Vartanyan is co-operating with US authorities in exchange for a reduced prison sentence. He is due to be sentenced in June.
Vartanyan is also the second defendant charged in connection with an ongoing investigation of the Citadel malware.
Back in September 2015, another Russian, Dimitry Belorossov (also known as Rainerfox), was sentenced to four years and six months in prison following his guilty plea to conspiring to commit computer fraud by distributing and installing Citadel onto victim computers using a variety of infection methods.
Banks of course are a prime target for cyber criminals, thanks to the potentially lucrative rewards.
One of the most common threat vectors is the “Man-in-the-Browser” attack. Here stealthy malware installs a Trojan horse on a victim’s computer that is capable of not only stealing usernames and passwords but also injecting arbitrary content into the web pages the victim’s browser displays.
The banking sector is particularly prone to this threat: the malware can be used to steal usernames, passwords and PIN codes, and can also modify banking websites as they are displayed in order to social engineer victims into revealing additional credentials.