Gozi trojan creator arrested by Colombia police

Colombian law enforcement has apprehended an accused cybercriminal who distributed the Gozi Trojan.

 

Mihai Ionut Paunescu, popularly known as “Virus,” a Romanian national, was one of three main suspects in the virus’s spread, which impacted more than a million computers between 2007 and 2012.

 

 

 

He was detained at the El Dorado international airport in Bogotá and faces extradition to the United States on charges of operating a bulletproof hosting business.

 

 

 

Paunescu was apprehended in his own country in 2012, but he managed to dodge extradition in the past.

 

Cybercriminals usually rely on bulletproof hosting as backend infrastructure for distributing spam, malware, exploit kits, and stolen data. These online services turn a blind eye to their customers' activities.

 

 

In the Southern District Court of New York, Paunescu is accused of computer hacking and financial fraud.

 

The weaponized version of the Gozi banking Trojan was first found in 2007. It was delivered through PDF documents attached to emails.

When the virus was downloaded, it would quietly collect bank account information and account details, which were then forwarded to the Trojan's command-and-control (C2) server for operators to use in accessing accounts and carrying out fraudulent activity.

The threat actors rented out the malware and its infrastructure for $500 a week, a precursor to today's Malware-as-a-Service (MaaS) criminal setups.

 

The source code for Gozi was released in 2010, and various versions were developed, some of which are still in use today.

 

Nikita “76” Kuzmin, the Russian creator of Gozi, was convicted in a US court in 2016 after pleading guilty to computer intrusion and fraud charges.

 

The infection is reported to have cost victims tens of millions of dollars in damages.

 

 
