SpyEye Banking Malware Mastermind Pleads Guilty
Russian national pleads guilty to creating and spreading the SpyEye malware with partner in crime
The man responsible for creating, maintaining and disseminating SpyEye, a banking Trojan that was able to seize personal account details, has pleaded guilty in an Atlanta, US court.
Russian national Aleksandr Andreevich Panin was identified after selling SpyEye to an undercover FBI agent. He was apprehended by Interpol in the Dominican Republic and estradited to Georgia, where he was arrested at Hartsfield-Jackson Atlanta International Airport.
SpyEye infected more than 1.4 million computers, according to the FBI, making off with banking login data. SpyEye botnets were also used for distributed denial of service (DDoS) attacks to take websites offline.
SpyEye sting
Panin allegedly worked alongside co-defendant Hamza Bendelladj, who was charged and extradited to the US from Thailand last year, selling different versions of the malicious software for between $1,000 and $8,500.
The crackdown on SpyEye formed part of Operation Clean Slate, which the FBI said was set up to go on the offensive against “the major cyber players who make botnets possible”.
“The next person you peddle your malware to could be an FBI undercover employee… so regardless of where you live, we will use all the tools in our toolbox – including undercover operations and extraditions – to hold cyber criminals accountable for profiting illicitly from US computer users,” said FBI executive assistant director Rick McFeely.
Whilst SpyEye largely targeted US bankers, UK users were also made to pay by the malware, itself a relative of Zeus, another financial data thief. In 2012, two men from the Baltic region were imprisoned in the UK for running a SpyEye operation that earned them £100,000.
Trend Micro helped law enforcement in bringing down the SpyEye masterminds. “Almost four years ago, the … team at Trend Micro began a particularly focused investigation into the person or people behind SpyEye. Over the intervening period, we mapped out the infrastructure used to support the malware, we identified weak points in that infrastructure and pursued a number of important leads pointing to the identities of individuals behind this pernicious banking Trojan,” said Rik Ferguson, vice president for security research at Trend.
“Once we felt that we had sufficient information we involved law enforcement who drove it to the successful conclusion you see today.”
Are you a security expert? Try our quiz!