
Alleged SpyEye author arrested in USA

According to krebsonsecurity, the federal authorities in Atlanta will officially announce the arrest of, and the charges against, Tver native Alexander Panin (allegedly Gribodemon) in the near future. Panin is identified as the author of SpyEye, one of the world's most notorious banking malware kits.







In 2013, Panin was wanted by Interpol on the basis of order No. 1: 11-CR-557, issued by the District Court of Georgia. He was later detained by the authorities of the Dominican Republic and extradited to the United States.




[ Order No. 1: 1-CR-557 ]



Gribodemon's contact details (Jabber, e-mail) had already been cited in the Microsoft DCU civil action two years earlier, when the Zeus botnet was being dismantled. Even then it was becoming obvious that the author had either "gone into the shadows" or been detained by law enforcement, since the malware itself stopped being updated and no new versions were released.



The damage SpyEye caused to banking institutions and credit card holders is enormous: at least tens of millions of dollars were stolen with it, using fake web forms in browsers and web-inject mechanisms. SpyEye intercepted important API calls in the context of the browser process and displayed fake forms in which the user was asked to enter credit card details such as the card number, holder's name, CVV, and expiration date. This data was then sent to the attackers' server.



The cybercriminals' scheme also involved "mules", intermediaries who cashed out the funds that the attackers transferred from the cardholders' accounts to accounts specially created for this purpose.





Fig. A typical scheme used by cybercriminals who rely on banking malware, including SpyEye.

Source: https://habr.com/ru/post/210630/


