USA hits Russian with 4.5 year prison sentence in Citadel malware case

A US court has sentenced a Russian man to four years and six months in prison after he admitted using the notorious and sophisticated Citadel malware to commit fraud.

22-year-old Dimitry Belorossov, also known as “Rainerfox”, had pleaded guilty to committing computer fraud, gaining access to over 7000 computers. In addition to his prison sentence, Belorossov has also been ordered to pay $322,409.09 in restitution, according to an FBI press release.

The Citadel malware first emerged in late 2011, available for sale via criminal underground forums. The banking trojan horse made a name for itself stealing banking credentials, credit card details, and personal information with a view to making unauthorised transactions from victims’ accounts, while it simultaneously hijacked control of users’ PCs.

Citadel even attempted to grab the master passwords of some third-party password managers.

To make things even trickier for victims of the Citadel malware, infected PCs were prevented from accessing the websites of anti-virus vendors.

Citadel has been used in a variety of ways by online criminals, including targeted attacks against corporations alongside Microsoft zero-day exploits, as well as conventional financially-motivated campaigns hoping to infect the computers of regular users.

Prosecutors told the court in Atlanta, Georgia, that Belorossov downloaded a version of Citadel in 2012, and operated a botnet with the malware. In addition, he provided “online assistance with the goal of developing suggested improvements to Citadel, including posting comments on criminal forums on the internet and electronically communicating with other cybercriminals.”

Belorossov won’t be able to cause any more harm to internet users and their bank balances for some time, while he’s a guest of the US prison system. And the authorities should be congratulated for bringing this case to its conclusion.

But, sadly, there are many more malicious hackers and online criminals out there who show no sign of being deterred despite the hefty sentences which can be meted out.

Don’t relax and imagine that you can wait for the computer crime-fighting authorities to arrest every online criminal. Protect your computers, your data, your bank accounts with a layered defence-in-depth to reduce the chances of you becoming the next victim of a malware attack and online fraud.

About the author


Graham Cluley is an award-winning security blogger, researcher and public speaker. He has been working in the computer security industry since the early 1990s, having been employed by companies such as Sophos, McAfee and Dr Solomon's. He has given talks about computer security for some of the world's largest companies, worked with law enforcement agencies on investigations into hacking groups, and regularly appears on TV and radio explaining computer security threats.

Graham Cluley was inducted into the InfoSecurity Europe Hall of Fame in 2011, and was given an honorary mention in the "10 Greatest Britons in IT History" for his contribution as a leading authority in internet security.
