Trojan Suspects Arrested

Thursday, September 10, 2015 @ 02:09 PM gHale

Two men considered to be key players in the creation and distribution of the Dridex and Citadel Trojans are under arrest and awaiting extradition to the United States, police said.

The first is a 30-year-old man from the Republic of Moldavia whose name police did not make available. Authorities arrested him while he was trying to steal $3.5 million from a bank. The man ended up busted in a rented house in Paphos, a vacation town in Cyprus, where he was temporarily living with his wife.

The arrest came after an anonymous tip was received, and sources close to the investigation said the man was a key figure in an international organized crime gang responsible for distributing the Dridex (Cridex, Bugat, Dyre) banking Trojan, according to a report from security researcher Brian Krebs.

The man in question seems to also have been part of the Business Club APT group, which operated the Gameover Zeus botnet that infected over 500 million PCs and was responsible for stealing around $100 million from various banking and financial institutions.

A 27-year-old Russian man known as Mark, arrested eleven months earlier in Fredrikstad, Norway, is also awaiting extradition. The FBI is handling the case and is working toward extraditing him to the U.S.

According to a Norwegian newspaper, the man will face charges of running the Citadel malware-as-a-service product, used previously to infect users with spyware and exfiltrate banking-related details by logging keystrokes and capturing video and images from the victim’s computer.

Citadel has operated since 2012, and there are known cases in which it was also used to distribute the Reveton ransomware.

According to the U.S. Justice Department, investigators have solid evidence Mark is actually Aquabox, Citadel’s creator and proprietor.

The Russian man has been under house arrest for the past 11 months, with authorities waiting until extradition procedures to the U.S. wrap up.