A citizen of the former USSR who had been living in Riga, Latvia, faces three charges related to his operation of “Scan4you,” an online counter-antivirus service that helped hackers dodge anti-malware solutions, the US Department of Justice has announced.
Court records reveal that, between 2009 and 2016, 37-year-old Ruslans Bondars operated Scan4you, a service that allowed malware developers to scan their malicious code against known AV solutions protecting millions of systems owned by major U.S. retailers, financial institutions and government agencies.
For instance, Scan4you helped the author of a credit card heist who made off with approximately 40 million credit and debit card numbers, as well as some 70 million addresses, phone numbers and other personal data of U.S. citizens. One retailer, particularly badly hit by the operation, suffered damages of $290 million.
The bad actors behind Citadel, a malware strain used to infect over 11 million computers worldwide, also leveraged Scan4you to hide their tracks. The developers of Citadel have caused their victims around $500 million in fraud-related damages.
“The Citadel developer took advantage of a special feature of Scan4you that allowed its integration directly into the Citadel malware toolkit through an Application Programming Interface, or API. The API tool allowed Scan4you users the flexibility to scan malware without the need to directly submit the malware to Scan4you’s website,” reads the DOJ press release.
Unlike legitimate scanning services, Scan4you was designed to diagnose malware fed to it anonymously – without sharing information about the uploaded files with the AV community.