A US court has sentenced a Russian man to four years and six months in prison after he admitted using the notorious and sophisticated Citadel malware to commit fraud.
22-year-old Dimitry Belorossov, also known as “Rainerfox”, had pleaded guilty to committing computer fraud, gaining access to over 7000 computers. In addition to his prison sentence Belorossov has also been ordered to pay $322,409.09 in restitution according to an FBI press release.
The Citadel malware first emerged in late 2011, available for sale via criminal underground forums. The banking trojan horse made a name for itself stealing banking credentials, credit card details, and personal information with the view to making unauthorised transactions from victims’ accounts, while it simultaneous hijacked control of users’ PCs.
Citadel even attempting to grab the master passwords of some third-party password managers.
To make things even trickier for victims of the Citadel malware, infected PCs were prevented from accessing the websites of anti-virus vendors.
Citadel has been used in a variety of ways by online criminal, including targeted attacks alongside exploiting Microsoft zero-day exploits against corporations, as well as conventional financially-motivated campaigns hoping to infect the computers of regular users.
Prosecutors told the court in Atlanta, Georgia, that Belorossov downloaded a version of Citadel in 2012, and operated a botnet with the malware. In addition, he provided “online assistance with the goal of developing suggested improvements to Citadel, including posting comments on criminal forums on the internet and electronically communicating with other cybercriminals.”
Belorossov won’t be able to cause any more harm to internet users and their bank balances for some time, while he’s a guest of the US prison system. And the authorities should be congratulated for bringing this case to its conclusion.
But, sadly, there are many more malicious hackers and online criminals out there who show no sign of being deterred despite the hefty sentences which can be meted out.
Don’t relax and imagine that you can wait for the computer crime-fighting authorities to arrest every online criminal. Protect your computers, your data, your bank accounts with a layered defence-in-depth to reduce the chances of you becoming the next victim of a malware attack and online fraud.