
Bayrob Malware Operators Convicted in the U.S.

Two Romanian nationals have been convicted in the United States for their roles in a long-running online fraud operation that caused millions of dollars in losses.

The two, Bogdan Nicolescu, 36, and Radu Miclaus, 37, both residents of Bucharest, Romania, were found guilty after a 12-day trial on 21 counts related to their scheme. They were indicted in December 2016 and are scheduled for sentencing on August 14, 2019.

According to court documents and trial testimony, the two began the conspiracy in 2007 by developing proprietary malware known as Bayrob, which they distributed through malicious emails purporting to come from Western Union, Norton AntiVirus and the IRS.

Bayrob was designed to harvest email addresses from the infected computers, including those stored in contact lists or email accounts, and then send malicious emails to these addresses, to spread further. The cybercriminals infected and controlled over 400,000 computers, primarily in the United States.

The cybercriminals leveraged control of these computers to harvest personal information from victims, including card information, usernames and passwords. They also disabled victims’ malware protection and blocked them from accessing websites associated with law enforcement.

Nicolescu and Miclaus also used the infected machines to mine cryptocurrency and to register email accounts with AOL. Over 100,000 accounts were registered this way and then used to send tens of millions of malicious emails to the harvested contact lists.

The cybercriminals also intercepted requests to websites such as Facebook, PayPal, eBay and others, and redirected the victims to nearly identical domains to steal account credentials. They also injected fake pages into legitimate websites to trick users into following fake instructions.
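The article says Bayrob both blocked victims from reaching law-enforcement sites and silently redirected requests for Facebook, PayPal and eBay to near-identical attacker domains, but it does not say how. One widely used mechanism for both behaviours on a compromised host is tampering with the local hosts file, so the following added example (not code from the article, the court record or the Bayrob operators) audits a hosts file for exactly those two symptoms: a high-value or watchlisted domain mapped to a routable address (a redirect) or to a loopback or null address (a block). The domain lists, the sample hosts file and the `203.0.113.7` address are constructed for illustration and are not taken from the case.

```python
import ipaddress
from dataclasses import dataclass

# Brands the article says victims were redirected away from, plus an assumed
# watchlist of law-enforcement / security-vendor domains an attacker might
# sinkhole. The article names no specific blocked sites; these are assumptions.
SENSITIVE_DOMAINS = {
    "facebook.com", "paypal.com", "ebay.com",      # redirect targets named in the article
    "fbi.gov", "ic3.gov", "norton.com",            # assumed block watchlist
}

# Addresses that make a hosts entry a block rather than a redirect.
SINKHOLE_ADDRS = {
    ipaddress.ip_address("127.0.0.1"),
    ipaddress.ip_address("0.0.0.0"),
    ipaddress.ip_address("::1"),
}


@dataclass(frozen=True)
class Finding:
    line_no: int
    hostname: str
    address: str
    kind: str  # "redirect" (routable address) or "block" (loopback / null address)


def registrable(hostname: str) -> str:
    """Crude registrable-domain reduction: last two labels, lower-cased.
    Good enough for the sample domains; a real tool would use the public suffix list."""
    labels = hostname.lower().rstrip(".").split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else labels[0]


def audit_hosts(text: str) -> list[Finding]:
    """Return one Finding per hostname that maps a sensitive domain anywhere at all.

    Legitimate hosts files almost never mention a bank, a marketplace or a law
    enforcement site, so any such entry is worth a look regardless of the address."""
    findings: list[Finding] = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()        # drop comments and blank lines
        if not line:
            continue
        fields = line.split()                       # hosts files allow tabs or spaces
        if len(fields) < 2:
            continue
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                                # malformed address, not our concern here
        for host in fields[1:]:                     # one address may front several names
            if registrable(host) in SENSITIVE_DOMAINS:
                kind = "block" if addr in SINKHOLE_ADDRS else "redirect"
                findings.append(Finding(line_no, host, str(addr), kind))
    return findings


# Constructed sample hosts file, not taken from a real victim machine.
SAMPLE_HOSTS = """\
# constructed sample; not from a real victim
127.0.0.1   localhost
::1         localhost
203.0.113.7 www.paypal.com paypal.com   # attacker-controlled lookalike server (assumed address)
127.0.0.1   www.fbi.gov fbi.gov
0.0.0.0     ads.example.net
"""

if __name__ == "__main__":
    for f in audit_hosts(SAMPLE_HOSTS):
        print(f"line {f.line_no}: {f.hostname} -> {f.address} ({f.kind})")
```

Run against a real host, read `/etc/hosts` (or `%SystemRoot%\System32\drivers\etc\hosts` on Windows) into `audit_hosts`. The `ads.example.net` entry produces no finding: null-routing ad domains is common and benign, which is why the check keys on a watchlist of sensitive domains rather than on sinkhole addresses alone.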

Stolen credit card information was used to fund the criminal infrastructure, such as renting server space, registering domain names using fictitious identities, and paying for Virtual Private Networks (VPNs) to conceal identities.


The cybercriminals also placed more than 1,000 fraudulent listings for automobiles, motorcycles and other high-priced goods on eBay and similar auction sites. The listings used malware-laced photos that redirected victims' computers to fictitious webpages resembling legitimate eBay pages.

These pages instructed buyers to pay for the goods through a nonexistent "eBay Escrow Agent," in reality a person hired by the defendants. The fraudulent escrow agents wired the money to associates in Eastern Europe, who in turn passed it to the defendants; the victims never received the items and never recovered their money.

To launder the millions of dollars obtained this way, the Bayrob group hired money mules and set up fictitious companies with fraudulent websites so that the transfers would look like legitimate financial transactions. Money was wired to the fake companies and then on to Western Union or MoneyGram offices in Romania, where the mules collected it and delivered it to the defendants.

Related: Head of Money Mule Operation Extradited to the United States

Related: Bayrob Malware Operators Indicted in U.S.

Written By

Ionut Arghire is an international correspondent for SecurityWeek.
