Authorities have arrested two key figures behind Dridex and Citadel respectively, two of the most sophisticated and widespread banking Trojans to date, according to security researcher Brian Krebs.
A 30-year-old Moldovan man was arrested in Cyprus and charged with conspiring to commit bank fraud and with using a computer to obtain $3.5 million. He is believed to be a leading figure in the cyber-crime gang that operated Dridex (also known as Bugat or Cridex), the banking Trojan responsible for stealing millions of login credentials.
The group is allegedly part of Business Club, a cyber-crime organization accused of stealing more than $100 million from banks and businesses worldwide with the help of the infamous Gameover Zeus.
Bitdefender has been monitoring this threat since its debut in 2014, blocking and analyzing several ongoing spam campaigns used for distribution. In a recent blast (July 2015), customers of reputable financial and banking institutions from the US, UK, Germany, Denmark, Australia, Romania and France were targeted, including big names such as Bank of America, Citibank, Wells Fargo, JP Morgan Chase and PayPal.
The alleged creator of Citadel, a 27-year-old Russian, was arrested in Norway at the FBI's request. Citadel, which first appeared in January 2012, runs silently in the background, logging keystrokes and capturing screenshots and video of victims' screens. The primary aim of this type of attack is to covertly steal victims' online banking credentials and defraud them. More worrisome is that it can also deploy Reveton, ransomware that poses as an FBI-imposed lockdown and demands a payment to unlock the computer.
Both suspects now face extradition to the US.