Russian creator of ‘SpyEye’ malware pleads guilty to bank fraud

The FBI has announced the arrest and charge of Alexsandr Panin, 24, a Russian hacker who developed the SpyEye trojan and used it to steal financial information and money from around the world.

In a Justice Department statement, Ricky Maxwell, Acting Special Agent in Charge, said that: “The apprehension of Mr. Panin means that one of the world’s top developers of malicious software is no longer in a position to create computer programs that can victimize people around the world.”

“Botnets such as SpyEye represent one of the most dangerous types of malicious software on the Internet today, which can steal people’s identities and money from their bank accounts without their knowledge.”

Panin created SpyEye in 2009. It is thought to have infected more than 1.4 million computers in its lifetime, creating a massive botnet for hire. Yesterday he pled guilty to conspiracy to commit wire and bank fraud in a court in the Northern District of Georgia.

“Given the recent revelations of massive thefts of financial information from large retail stores across the country, Americans do not need to be reminded how devastating it is when cyber criminals surreptitiously install malicious codes on computer networks and then siphon away private information from unsuspecting consumers,” said Acting Assistant Attorney General Mythili Raman.

The Register reports that Panin sold custom versions of SpyEye on secretive forums for between $1,000 and $8,500. He is thought to have sold SpyEye to at least 150 people; one of whom, using the alias ‘Soldier’ used the malware to steal $3.2m.

More than 10,000 bank accounts worldwide are thought to have been hacked by SpyEye. Panin’s arrest has led to four further arrests – in the UK and Bulgaria – of people known to have used the malware.

SpyEye was used by one Eastern European hacking gang to steal approximately $70m from companies, churches and government organisations in the US and Europe, according to Yahoo.

Panin was first investigated in 2011, when FBI agents seized a SpyEye server in Georgia. Later that year, agents communicated with Panin – under his aliases ‘Gribodemon’ and ‘Harderman’ – purchasing a version of the software.

He was arrested in July 2013 and immediately extradited to Atlanta, Georgia. Panin had been on vacation visiting a friend in the Dominican Republic, according to Russia Today.

A spokesperson for the Russian Foreign Ministry denounced the arrest: “Of course, we are seriously concerned about the fact that it again concerns the arrest of a Russian citizen with a US warrant in a third country. We think the fact that such practices are becoming a vicious tendency is absolutely unacceptable and inadmissible,” Russian Foreign Ministry Information and Press Department Deputy Director Maria Zakharova said.

Author , ESET

Follow us

Copyright © 2017 ESET, All Rights Reserved.