Petronella Blog Archive


Malware Developers Arrested in Cyprus and Norway


A man from Moldova and a Russian national have been arrested by European authorities for the development and deployment of malware that targeted banks.

The 30-year-old Moldovan man, said to be responsible for over $3.5 million in bank theft, was arrested while vacationing with his wife at a beach in Cyprus. He is said to be one of the main developers of Dridex, also known as Cridex and Bugat, which is a Trojan that targets banks. His group is thought to have spun off from the Business Club. Dridex started appearing about a month after the Business Club's Gameover ZeuS botnet was taken down. The Business Club is thought to have stolen over $100 million.

The other arrest, of a 27-year-old Russian man identified only as "Mark", took place in Norway. The FBI believes Mark to be "Aquabox", the pseudonym of the creator of Citadel, a malware service thought to be behind an untold number of cyberheists against small businesses in the US and Europe. Citadel is itself based on the ZeuS Trojan.

As mentioned, Citadel was sold as a service that let the hackers who bought it give feedback to its developers, requesting new features and bug fixes. Citadel is thought to have been behind a hack that compromised the data of a heating and air vendor that eventually led to the giant Target breach about a year and a half ago.

Mark maintains his innocence while Russia is protesting America's request for extradition.