A Ukrainian national has pleaded guilty in the U.S. to his role in two different malware schemes, Zeus and IcedID, between May 2009 and February 2021.
Vyacheslav Igorevich Penchukov (aka Vyacheslav Igoravich Andreev, father, and tank), 37, was arrested by Swiss authorities in October 2022 and extradited to the U.S. last year. He was added to the FBI's most-wanted list in 2012.
The U.S. Department of Justice (DoJ) described Penchukov as a “chief of two prolific malware teams” that infected thousands of computers with malware, leading to ransomware and the theft of hundreds of thousands of dollars.
This included the Zeus banking trojan, which facilitated the theft of bank account information, passwords, personal identification numbers, and other details necessary to log in to online banking accounts.
Penchukov and his co-conspirators, as part of the “broad-ranging racketeering organization” dubbed the Jabber Zeus gang, then masqueraded as employees of the victims to initiate unauthorized fund transfers.
They also used people residing in the U.S. and other parts of the world as “cash mules” to receive the wired funds, which were ultimately funneled to overseas accounts controlled by Penchukov et al. A successor to Zeus was dismantled in 2014.
The defendant has also been accused of facilitating malicious activity by helping lead attacks involving the IcedID (aka BokBot) malware from at least November 2018. The malware is capable of acting as an information stealer and a loader for other payloads, such as ransomware.
Ultimately, as investigative journalist Brian Krebs reported back in 2022, he managed to evade prosecution by Ukrainian cybercrime investigators for many years thanks to his political connections with former Ukrainian President Victor Yanukovych.
Following his arrest and extradition, Penchukov pleaded guilty to one count of conspiracy to commit a racketeer influenced and corrupt organization (RICO) act offense for his leadership role in the Jabber Zeus group. He also pleaded guilty to one count of conspiracy to commit wire fraud for his leadership role in the IcedID malware group.
Penchukov is scheduled to be sentenced on May 9, 2024, and faces a maximum penalty of 20 years in prison for each count.
The development comes as the DoJ announced the extradition of a 28-year-old Ukrainian national from the Netherlands in connection with fraud, money laundering and aggravated identity theft for allegedly operating and advertising an information stealer known as Raccoon.
Mark Sokolovsky, who was arrested by Dutch authorities in March 2022, leased Raccoon to other cybercriminals on a malware-as-a-service (MaaS) model for $200 a month. It first became available in April 2019.
“These folks used a variety of ruses, such as email phishing, to install the malware onto the computers of unsuspecting victims,” the DoJ said.
“Raccoon infostealer then stole personal information from victim computers, including login credentials, financial information, and other personal records. Stolen information was used to commit financial crimes or was sold to other individuals on cybercrime forums.”
At least 50 million unique credentials and forms of identification have been harvested by the malware, according to U.S. Federal Bureau of Investigation (FBI) estimates.
Sokolovsky's arrest was accompanied by a coordinated takedown of Raccoon's digital infrastructure, but a new version of the stealer, known as RecordBreaker, has since emerged in the wild.
He has been charged with one count of conspiracy to commit fraud and related activity in connection with computers, one count of conspiracy to commit wire fraud, one count of conspiracy to commit money laundering, and one count of aggravated identity theft.
Some parts of this article are sourced from:
thehackernews.com