Tag: Zeus | SpinSafe

Ukrainian national faces up to 20 years in prison for his role in Zeus, IcedID malware schemes

February 17, 2024/in Computer Security

Ukrainian national faces up to 20 years in prison for his role in Zeus, IcedID malware schemes

Pierluigi Paganini
February 17, 2024

A Ukrainian national pleaded guilty to his role in the Zeus and IcedID operations, which caused tens of millions of dollars in losses.

Ukrainian national Vyacheslav Igorevich Penchukov has pleaded guilty to his key roles in the Zeus and IcedID malware operations.

“Vyacheslav Igorevich Penchukov was a leader of two prolific malware groups that infected thousands of computers with malicious software. These criminal groups stole millions of dollars from their victims and even attacked a major hospital with ransomware, leaving it unable to provide critical care to patients for over two weeks,” said Acting Assistant Attorney General Nicole M. Argentieri of the Justice Department’s Criminal Division. “Before his arrest and extradition to the United States, the defendant was a fugitive on the FBI’s most wanted list for nearly a decade. Today’s guilty pleas should serve as a clear warning: the Justice Department will never stop in its pursuit of cybercriminals.”

On October 2022, Swiss police arrested Penchukov in Geneva, also known as Tank, which is one of the leaders of the JabberZeus cybercrime group.

The man was extradited to the United States in 2023, he was included in the FBI’s “Most Wanted” list and has been sought for 10 years.

In 2012, the Ukrainian national Vyacheslav Igorevich Penchukov was accused of being a member of a cybercrime gang known as JabberZeus crew. JabberZeus was a small cybercriminal ring that was targeting SMBs with a custom-made version of the Zeus banking trojan. At the time, DoJ accused Penchukov of coordinating the exchange of stolen banking credentials and money mules and received alerts once a bank account had been compromised.

The popular investigator Brian Krebs reported that Gary Warner, director of research in computer forensics at the University of Alabama at Birmingham, noted in 2014 that Tank told co-conspirators in a JabberZeus chat on July 22, 2009 that his daughter, Miloslava, was and told him Miloslava birth weight.

Warner explained that Tank was identified by searching Ukrainian…

Source…

How the ZeuS Trojan Info Stealer Changed Cybersecurity

May 8, 2023/in Mobile Security

Information stealer malware is a type of malicious software designed to collect sensitive information from a victim’s computer. Also known as info stealers, data stealers or data-stealing malware, this software is true to its name: after infecting a computer or device, it’s highly adept at exfiltrating login credentials, financial information and personal data.

Info stealers typically operate by monitoring keyboard input, capturing screenshots and intercepting network traffic. They may also search a hard drive for specific types of data. The stolen information is then exfiltrated to the attacker’s command-and-control (C2) server for further exploitation.

Information stealer malware has flourished on underground criminal networks. With extortion currently thriving, info stealer malware is also on the rise. Plus, info stealer services for financial fraud attacks are available on the dark web for as little as $200 per month.

Though this type of malware has been around in some form for over two decades, the ZeuS trojan was by far one of the most influential info stealers in that timeframe. Let’s take a look at the history of info stealers, and how this type of threat impacted cybersecurity then and now.

What Was the First Info Stealer?

One of the earliest known examples of a successful information stealer attack was the Melissa virus in 1999. One of the first highly successful email worms, Melissa spread rapidly through the use of infected Microsoft Word macros. The worm arrived in the form of an email with an attached document named “list.doc.”

When the recipient opened the attachment, the worm infected the victim’s computer and continued to spread. It replicated itself by sending infected emails to the first 50 contacts in the victim’s Microsoft Outlook address book. Experts categorize Melissa as an info stealer because, in addition to its worm-like behavior, it also accessed the victim’s email address book and harvested email addresses.

Harvesting information from the infected computer is a hallmark of info stealer malware. However, it’s worth noting that Melissa was primarily a self-replicating worm. The information-stealing capability was a secondary…

Source…