Colombian law enforcement arrested a cybercriminal who allegedly distributed the Gozi Trojan.
Mihai Ionut Paunescu, a Romanian national, aka “Virus,” was identified as one of the individuals who spread the virus that affected over a million PCs between 2007 and 2012. He was arrested at Bogota El Dorado international airport on charges of operating a bulletproof hosting service.
Paunescu was previously arrested in Romania in 2012, but he managed to avoid extradition back then.
Bulletproof hosting is used by criminals to host stolen data and distribute spam, phishing, and malware. These services are known to be lenient towards the criminal activities of their customers.
In addition, Paunescu is accused of financial fraud and computer intrusion by the Southern District Court of New York.
The Gozi banking Trojan was first discovered in 2007 when it was spread through .PDF documents to collect sensitive information about users’ bank accounts. It exfiltrated stolen data via a command-and-control server to its operators, who later carried out fraudulent transactions.
Threat actors of this kind could rent out the malware and its infrastructure for a few hundred dollars a week.
In 2010, Gozi’s source code leaked, which led to the creation of many variants that are still in use today.
In 2016, Nikita Kuzmin, the Russian creator of Gozi, was sentenced to 37 months in prison in the US and was ordered to pay close to $7 million in restitution.
Another criminal, Latvian Deniss “Miami” Calovskis, was sentenced to 21 months in prison for his involvement in the Gozi criminal ring.
The FBI estimates that the variants of the malware that were used caused victims to lose millions of dollars. NASA was among the most notable victims of the attack.