A Russian national has pleaded guilty in a United States court to charges related to the development and distribution of the Citadel malware.
Mark Vartanyan, who has been going by the hacker name of “Kolypto,” was arrested in Norway and extradited to the United States in Dec. 2016. For his role in the development and maintenance of the Citadel malware, he is charged with one count of computer fraud.
Citadel is a well-known information-stealing malware designed with keylogging capabilities as means to steal account credentials for online banking. The malware also recruited infected machines into botnets that were estimated in June 2013 to have been responsible for over half a billion dollars in financial fraud, affecting more than five million people in 90 countries.
The threat emerged soon after the source code for the Zeus malware emerged online. New variants of the malware were observed starting with late 2014, the most recent of them being Atmos, which was described about a year ago as Citadel's polymorphic successor. This variant had more than 1,000 bots in April last year.
Starting in 2011, Citadel was offered for sale on invite-only, Russian underground forums, and was used to target and exploit the networks of major financial and government institutions, U. S. Attorney John Horn said in a statement. The malware is estimated to have infected around 11 million computers worldwide.
Vartanyan is accused of being actively engaged in the “development, improvement, maintenance and distribution of Citadel” between August 21, 2012 and January 9, 2013, while living in Ukraine, and between April 9, 2014 and June 2, 2014, while living in Norway.
“During these periods, Vartanyan allegedly uploaded numerous electronic files that consisted of Citadel malware, components, updates and patches, as well as customer information, all with the intent of improving Citadel’s illicit functionality,” a last week announcement from the Department of Justice reads.
Vartanyan was charged in a one-count Information with computer fraud, and he is pleading guilty, the plea agreement filed this week by the U.S. Attorney’s Office, Northern District of Georgia, reads (PDF). The hacker faces up to 10 years in prison and a maximum fine of $250,000.
“This defendant’s alleged role in developing and improving “Citadel” for its use by cybercriminals caused a vast amount of financial harm to individuals and institutions around the world. His appearance in federal court today shows that cybercriminals cannot hide in the shadows of the Internet. We will identify them and bring them to justice wherever they operate,” U.S. Attorney Horn said.