Alleged Creator of SpyEye Banking Trojan Pleads Guilty in Federal Court

Russian national Aleksandr Andreevich Panin pleads guilty in U.S. Federal Court to conspiracy charges related to his development and operation of the SpyEye banking trojan.

Aleksandr Andreevich Panin, one of the alleged masterminds behind the notorious SpyEye banking trojan, pleaded guilty in an Atlanta courtroom yesterday to conspiracy charges relating to the development and distribution of the malware.

Panin pleaded guilty to conspiring to commit wire and bank fraud. He will be sentenced April 29, 2014, before United States District Judge Amy Totenberg.

Second only to the infamous and related Zeus banking trojan, SpyEye is among the most prominent pieces of financial malware to emerge in recent years. It essentially gives attackers the ability to steal online banking credentials from its victims’ machines, which criminals can in turn use to transfer money out of those accounts. Certain versions of SpyEye are said to be capable of bypassing two-factor authentication mechanisms. According to the FBI, the SpyEye trojan has facilitated the infection of more than 1.4 million computers and the compromise of more than 10,000 online bank accounts, mostly located in the United States.

“As several recent and widely reported data breaches have shown, cyber attacks pose a critical threat to our nation’s economic security,” said United States Attorney Sally Quillian Yates. “Today’s plea is a great leap forward in our campaign against those attacks.”

“Panin was the architect of a pernicious malware known as SpyEye that infected computers worldwide. He commercialized the wholesale theft of financial and personal information. And now he is being held to account for his actions. Cyber criminals be forewarned—you cannot hide in the shadows of the Internet. We will find you and bring you to justice.”

Panin – also known by the pseudonyms ‘Gribodemon’ and ‘Harderman’ – is not the first man arrested in connection with the SpyEye trojan. In the summer of 2012, three Baltic men were arrested and charged with violating the United Kingdom’s Computer Misuse Act after allegedly using the malicious software program to steal online banking credentials. In the spring of 2013, an alleged co-conspirator of Panin’s, Hamza Bendelladj of Algeria, was arrested in Thailand and extradited to the United States, where he had been indicted in late 2011 and faced more than 30 counts related to botnet operation and bank fraud.

The FBI managed to catch Panin after conducting an investigation with international law enforcement and private sector partners, culminating in a search warrant that led to the seizure of a key SpyEye server. The FBI described this server as “very incriminating” because it “contained the full suite of features designed to steal confidential financial information, make fraudulent online banking transactions, install keystroke loggers, and initiate distributed denial of service (or DDoS) attacks from computers infected with malware.”

Several months after that, the FBI compelled the suspect to sell his wares to an undercover FBI agent. The suspect was arrested while flying through Hartsfield-Jackson Atlanta International Airport.

The FBI claims that Panin and others conspired to develop various versions of the SpyEye trojan, which they would then advertise for sale in online criminal forums. Panin is said to have sold various versions of the SpyEye malware for anywhere between $1500 and $8500 to more than 150 customers. The exact amount of money stolen by the SpyEye trojan and the total profit earned by Panin are not known, though one of Panin’s clients, “Soldier,” is reported to have made over $3.2 million in a six-month period using the SpyEye virus.

Threatpost reached out to the FBI’s Atlanta media contact, but a request for comment was not returned by the time of publication.
