Hacker indicted for Dridex, Zeus in Evil Corp's $100m global bank frauds

News by SC Staff

An international offensive headed by UK and US investigators identifies Russians behind global bank fraud malware campaigns

Maksim V Yakubets, 32, from Moscow, who goes by the online moniker ‘aqua’, was indicted in two separate international computer hacking and bank fraud schemes spanning from May 2009 to the present. The individual indicted for spreading Bugat malware is Igor Turashev, 38, from Yoshkar-Ola, Russia, said the ten-count indictment statement.

The US government announced a US$ 5 million (£3.8 million) bounty on Yakubets for hacking and bank fraud worldwide. His compatriot Turashev was indicted for his role in the "Bugat" malware conspiracy.

Yakubets is accused of leading the hacking group calling itself ‘Evil Corp’ while Igor Turashev is said to be a key administrator of the group. The bounty on Yakubets is the largest such reward offer for a cyber-criminal to date, said the US Justice Department announcement.

Yakubets is also charged with "conspiracy to commit bank fraud" in connection with the ‘Zeus’ malware.

"Beginning in May 2009, Yakubets and multiple co-conspirators are alleged to have a long-running conspiracy to employ widespread computer intrusions, malicious software, and fraud to steal millions of dollars from numerous bank accounts in the United States and elsewhere," said the announcement. 

"Yakubets and his co-conspirators allegedly infected thousands of business computers with malicious software that captured passwords, account numbers, and other information necessary to log into online banking accounts, and then used the captured information to steal money from victims’ bank accounts. As with Bugat, the actors involved with the Zeus scheme were alleged to have employed the use of money mules and a botnet."

"Maksim Yakubets allegedly has engaged in a decade-long cyber-crime spree that deployed two of the most damaging pieces of financial malware ever used and resulted in tens of millions of dollars of losses to victims worldwide," said US assistant attorney general Benczkowski in the announcement.  

He acknowledged the help of their international partners, particularly the UK's National Crime Agency, in identifying Yakubets and his co-conspirators.

"For over a decade, Maksim Yakubets and Igor Turashev led one of the most sophisticated transnational cybercrime syndicates in the world," said US attorney Scott W Brady in the statement. 

"Deploying ‘Bugat’ malware, also known as ‘Cridex’ and ‘Dridex,’ these cyber-criminals targeted individuals and companies in western Pennsylvania and across the globe in one of the most widespread malware campaigns we have ever encountered.  International cybercriminals who target Pennsylvania citizens and companies are no different than any other criminal: they will be investigated, prosecuted and held accountable for their actions."

Dridex has been responsible for the theft of at least US$ 100 million (£76 million) from financial institutions in over 40 countries, say official estimates.

"This is not a victimless crime, those losses were once people’s life savings, now emptied from their bank accounts," said NCA director Rob Jones in the announcement.

Malwarebytes Labs lists Dridex as a banking trojan and spyware targeting Windows systems, capable of stealing specific information.

"It usually goes after a list of installed applications and the OS version of the affected machine, which is crucial information for further exploring the affected system. The main goal of this Trojan is usually to steal banking credentials." 
