He could spend up to ten years in prison and pay a $250K fine

Mar 22, 2017 23:56 GMT

The Russian programmer behind the Citadel trojan, which was used to raid bank accounts, has pleaded guilty.

Mark Vartanyan, also known by the name of "Kolypto," was arrested last year in Norway and extradited to America a month later. He was charged with one count of computer fraud, for which he pleaded guilty. In exchange for his admission, Vartanyan could get up to 10 years in jail and a $250,000 fine, down from 25 years behind bars. He will only find out his sentence in June.

"We must continue to impose real costs on criminals who believe they are protected by geographic boundaries and can prey on the American people and institutions with impunity," said FBI special agent David LeValley. "It further demonstrates the FBI's long-term commitment to identifying and pursuing cyber criminals world-wide, and serves as a strong deterrent to others targeting America's financial institutions and citizens through the use of malicious software."

A trip back to 2011

If your memory is a bit fuzzy on the Citadel issue, that's understandable because the trojan appeared back in 2011. It infected Windows PCs, silently picking up victims' online banking credentials only to later allow criminals to get their hands on the cash. Citadel could also spy on computers and hold files for ransom, setting a trend that has now grown into a phenomenon.

According to US prosecutors, at its height, the malware infected 11 million computers and was responsible for the theft of over $500 million from bank accounts.

"Between on or about August 21, 2012, and January 9, 2013, while residing in Ukraine, and again between on or about April 9, 2014, and June 2, 2014, while residing in Norway, Vartanyan allegedly engaged in the development, improvement, maintenance and distribution of Citadel. During these periods, Vartanyan allegedly uploaded numerous electronic files that consisted of Citadel malware, components, updates and patches, as well as customer information, all with the intent of improving Citadel’s illicit functionality," reads a case file.

Some versions of the malware are still circulating today. At its base, Citadel is a variant of the famous ZeuS banking trojan.

Citadel was one of the first malware-as-a-service offerings out there, with its source code being sold on exclusive Russian dark web forums.