Security Experts:

Connect with us

Hi, what are you looking for?



Notorious Cybercriminal Released From Prison

Earlier this month, Belarusian authorities released from prison Sergey Yarets, a notorious cybercriminal and co-developer of the Andromeda botnet.

Earlier this month, Belarusian authorities released from prison Sergey Yarets, a notorious cybercriminal and co-developer of the Andromeda botnet.

Yarets, who used the online moniker of Ar3s, was arrested in late November 2017, when Federal Bureau of Investigation (FBI) and law enforcement agencies in Europe dismantled the Andromeda botnet.

Also known as Gamarue or Wauchos, Andromeda has been around since 2011, its primary purpose being that of credential theft and malware distribution. Detected on over 1 million machines each month during the second half of 2017, the botnet had been associated with 80 malware families.

At the time of takedown, security researchers identified 464 distinct Andromeda botnets and 1,214 domains and IP addresses of command and control (C&C) servers. In January this year, ESET warned of difficult cleaning efforts for such a long-lived botnet and said Andromeda would die a slow death.

Despite Andromeda’s size (victims were identified in over 200 countries) and the considerable effort international law enforcement agencies and private organizations put into taking it down, Yarets was released on August 9, 2018.

When arrested, Yarets was charged for his involvement in the sale, maintenance, and use of Andromeda. A resident of Rechitsa, Gomel Region, Belarus, he was formerly a technical director at OJSC “Televid” Tele-Radio, threat intelligence provider Recorded Future reveals.

Opposition news agency Radio Svaboda, the only Belarusian media outlet to have reported the release, says that Yarets was ordered to pay $5,500 as retribution for the income made from the botnet, and that his apparent cooperation with the authorities was what led to his quick release.

As per Radio Svaboda Belarus’ reporting, Yarets’s lawyer “elaborated that Yarets’s extraordinary knowledge should serve the country’s interests and that there was no evidence of damage done to Belarusian citizens or organizations because Yarets did not target member countries of the Commonwealth of Independent States,” Recorded Future notes.

Yarets apparently claimed that Andromeda was created by a “genius and alcoholic” developer, supposedly the Russian threat actor waahoo. Yarets claims he received the exclusive rights of the Andromeda Trojan in 2012.

Although waahoo apparently continued to be involved in the Trojan’s development until approximately 2015, Yarets was the only one responsible for Andromeda’s operation at the time of his arrest.

“The Belarusian investigators and judges most likely knew this but did not take it into account for unknown reasons,” Recorded Future notes.

“This case is an example of a selective approach toward the punishment of cybercriminals in ex-Soviet states, allowing them to avoid just punishment when states are interested in them, diminishing the importance and efficiency of international cooperation in this field,” the security firm concludes.

Related: Andromeda Botnet to Die Slow, Painful Death 

Related: Authorities Take Down Andromeda Botnet

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Expert Insights

Related Content


Zendesk is informing customers about a data breach that started with an SMS phishing campaign targeting the company’s employees.


The release of OpenAI’s ChatGPT in late 2022 has demonstrated the potential of AI for both good and bad.


The FBI dismantled the network of the prolific Hive ransomware gang and seized infrastructure in Los Angeles that was used for the operation.


A new study by McAfee and the Center for Strategic and International Studies (CSIS) named a staggering figure as the true annual cost of...


A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...

Application Security

PayPal is alerting roughly 35,000 individuals that their accounts have been targeted in a credential stuffing campaign.


CISA, NSA, and MS-ISAC issued an alert on the malicious use of RMM software to steal money from bank accounts.


Video games developer Riot Games says source code was stolen from its development environment in a ransomware attack