MOSCOW, January 29 (RAPSI) - Russian national Aleksandr Panin pleaded guilty in the US Tuesday to conspiring to commit wire and bank fraud in connection with his role in developing and distributing the SpyEye malware program, according to a statement released by the US Attorney’s Office for the Northern District of Georgia.
The malware program was created with the specific intent of facilitating online theft from financial institutions, and that it has infected more than 1.4 million computers, according to a US Federal Bureau of Investigation (FBI) announcement on the matter also released Tuesday.
After infecting a computer, the program is able to obtain the financial and personal information from victims, and in turn is able to transfer money from victims’ bank accounts.
The statement notes ominously: “Ultimately, though, Panin sold his malware online to the wrong customer—an undercover FBI employee. And after an investigation involving international law enforcement partners as well as private sector partners, a dangerous cyber threat was neutralized.”
Between 2009 and 2011, Panin and others conspired to advertise and develop different versions of the program. He was able to sell the malware to upwards of 150 individuals, each of whom paid a sum ranging between $1,000 and $8,500 for different versions of the program.
According to the statement: “Once in their hands, these cyber criminals used the malware for their own nefarious purposes—infecting victim computers and creating botnets (armies of hijacked computers) that collected large amounts of financial and personal information and sent it back to servers under the control of the criminals. They were then able to hack into bank accounts, withdraw stolen funds, create bogus credit cards, etc.”
The US Attorney’s Office noted that the FBI used undercover sources to communicate with Panin directly.
The FBI then purchased a version of the malware containing what it referred to in its own statement as “full suite of features designed to steal confidential financial information, make fraudulent online banking transactions, install keystroke loggers, and initiate distributed denial of service (or DDoS) attacks from computers infected with malware.”
The US Attorney’s Office noted that a grand jury handed down a 23-count indictment against Panin and a co-defendant in December 2011, though at that point Panin had not been fully identified.
Panin was arrested in July 2013 in the state of Georgia, and his sentencing is set to occur on April 29.