Security Experts:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Cybercrime

Neverquest Trojan Operator Pleads Guilty

A Russian national has admitted in court to using the Neverquest Trojan to infect computers and steal their information for financial gain, the United States Department of Justice (DoJ) says. 

A Russian national has admitted in court to using the Neverquest Trojan to infect computers and steal their information for financial gain, the United States Department of Justice (DoJ) says. 

The man, Stanislav Vitaliyevich Lisov, 33, also known as “Black” and “Blackf,” was arrested in Spain on January 13, 2017, around the same time when the Trojan’s activity ceased. Lisov was extradited to the United States in January 2018.

On Friday, the DoJ announced that Lisov pleaded guilty to “conspiring to deploy and use a type of malicious software known as Neverquest to infect the computers of unwitting victims, steal their login information for online banking accounts, and use that information to steal money out of the victims’ accounts.”

Several years ago, Neverquest was one of the most active banking Trojans out there, causing significant damages in stolen funds. According to the DoJ, the malware “has been responsible for millions of dollars’ worth of attempts by hackers to steal money out of victims’ bank accounts.”

Neverquest was being spread via social media websites, phishing emails, and file transfers. Once installed, the malware would identify when the victim attempted to log onto an online banking website, intercept their login credentials, including username and password, and send the information to the command and control (C&C) server. 

The threat provided operators with the possibility to remotely control the victim’s computer, log into their online banking or other financial accounts, transfer money, change the login information, write online checks, and buy goods from online vendors.

According to documents presented in court, between June 2012 and January 2015, Lisov was responsible for creating and administrating a botnet of Neverquest-infected machines. 

He also maintained infrastructure for this criminal enterprise (such as renting and paying for servers used for botnet management), personally harvested login information from unwitting victims, and discussed trafficking in stolen login information and personally identifiable information of victims.

Lisov pled guilty to one count of conspiracy to commit computer hacking, which carries a maximum sentence of five years in prison. His sentencing is scheduled for June 27, 2019. 

Related: Malware Creator Admits to Building and Selling LuminosityLink RAT

Related: Neverquest Trojan Ceases Operations

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Expert Insights

Related Content

Cybercrime

Zendesk is informing customers about a data breach that started with an SMS phishing campaign targeting the company’s employees.

Cybercrime

The release of OpenAI’s ChatGPT in late 2022 has demonstrated the potential of AI for both good and bad.

Cybercrime

The FBI dismantled the network of the prolific Hive ransomware gang and seized infrastructure in Los Angeles that was used for the operation.

Cybercrime

A new study by McAfee and the Center for Strategic and International Studies (CSIS) named a staggering figure as the true annual cost of...

Ransomware

US government reminds the public that a reward of up to $10 million is offered for information on cybercriminals, including members of the Hive...

Ransomware

The Hive ransomware website has been seized as part of an operation that involved law enforcement in 10 countries.

Cybercrime

CISA, NSA, and MS-ISAC issued an alert on the malicious use of RMM software to steal money from bank accounts.

Application Security

PayPal is alerting roughly 35,000 individuals that their accounts have been targeted in a credential stuffing campaign.