Bulgarian Man Charged With Using Malware To Drain US Bank Accounts
Accused of helping a massive online criminal enterprise, he's the only one known to be extradited to the US
A Bulgarian man has been arrested and extradited to the United States for allegedly helping develop and use GozNym, a malicious program that records infected computers’ keystrokes to infiltrate victims’ bank accounts and steal their money.
GozNym is a hybrid malware, created from two others respectively called Gozi and Nymaim. It spreads, as so much malware does, by phishing attacks, in which a fraudulent email is sent to a user, asking them to download and run a file that secretly recorded their keystrokes when they used banking websites. From there, the criminals behind the program wired money to themselves via a “money mule” intermediary account.
According to his indictment, filed Oct. 4 but under seal until Tuesday, the man, Krasimir Nikolov, 44, was a key player in a team that developed and deployed GozNum for a criminal operation that tried to steal at least $1.5 million, and successfully did transfer at least $121,130, from four small businesses in California and Pennsylvania.
Nikolov’s arrest came out of a multinational crackdown on an online criminal gang called Avalanche, the breakup of which was announced by the FBI, the U.K.’s National Crime Agency, and law enforcement agencies, and Europe on Dec. 1.
GozNym is but one of several malicious programs Avalanche has used to extort money from victims around the world. According to the NCA, half a million computers are thought to be infected with some kind of Avalanche malware.
The Avalanche operation was massive, according to Europol, consisting of 37 searches, 39 servers seized, and 221 other servers knocked offline.
However, only five individuals were arrested, and that’s not believed to comprise the entirety of the Avalanche network. Nikolov is so far the only suspect named by and extradited to the U.S.