
Russian Citadel Trojan Operator Jailed After Infecting Over 11 Million Computers

Posted: July 29, 2017

A Russian citizen has been found guilty of helping to develop and run the Citadel banking Trojan, which infected more than 11 million computers worldwide.

Mark Vartanyan, a Moscow resident, has been sentenced to five years in prison by a US federal district court in Atlanta, Georgia, after pleading guilty.

Vartanyan, who used the online handle 'Kolypto', was found guilty of aiding in the development, maintenance and operation of the malware known as 'Citadel'. According to prosecutors, he worked on the malware between August 2012 and January 2013, while living and working in Ukraine, and again from April to June 2014, while living in Norway.

Vartanyan was arrested in Norway by local authorities in October 2014 and extradited to the United States in December 2016, where he stood trial. The 29-year-old struck a plea deal with American prosecutors, agreeing to assist with the investigation in exchange for a reduced sentence. The two years he had already spent in Norwegian custody were reportedly credited toward his sentence.

Citadel was designed to compromise the computers and networks of customers of large financial and government institutions worldwide, steal their account credentials and personal data for use in fraudulent money transfers, and, in many cases, fund the activities of other cybercriminals.

Analysis showed that Citadel was built on the leaked source code of the Zeus Trojan, which likewise preyed on bank customers using keylogging and credential theft. Zeus was used to steal over 500 million US dollars from victims in more than 90 countries.

Vartanyan and his associates tricked their targets into installing the malware with phishing emails that masqueraded as messages from real banks and financial institutions but actually contained links leading to malicious code.

Citadel was engineered to be sophisticated enough that it was very difficult for victims, and even for legitimate anti-malware software, to detect and remove.

Citadel is reportedly responsible for some of the most brazen attacks against the banking sector.

Microsoft, the FBI and several security firms have together disrupted more than 1,000 botnets built with the Citadel Trojan.

Back in 2013, Microsoft, the security company Agari and the Financial Services Information Sharing and Analysis Center (FS-ISAC) joined forces with the FBI to stop Citadel. During the joint investigation, Citadel's source code was reportedly leaked, supposedly by its own creators, which helped anti-malware and antivirus vendors detect the Trojan and finally shut it down.

"Mark Vartanyan utilized his technical expertise to enable Citadel to become one of the most pernicious malware toolkits of its time, and for that, he will serve significant time in federal prison," U.S. Attorney John Horn said in a statement.

Another Russian citizen, Dimitry Belorossov of St. Petersburg, aka "Rainerfox", was sentenced in September 2015 to four and a half years in prison after pleading guilty in Atlanta to conspiring to commit computer fraud by distributing and installing Citadel on computer networks using various methods.

The Department of Justice is still investigating Citadel and searching for the remaining members of the group that created it.
