Russian national Aleksandr Andreevich Panin, the developer and distributor of the dreaded malware SpyEye has pleaded guilty this week in an Atlanta federal court. Panin was also known in cyber criminal circles as “Gribodemon” and “Harderman.” According to industry estimates, the SpyEye malware, developed specifically to help stealing from financial institutions, has infected more than 1.4 million computers worldwide.
United States Attorney Sally Quillian Yates said, “Panin was the architect of a pernicious malware known as SpyEye that infected computers worldwide. He commercialized the wholesale theft of financial and personal information.”
According to Yates, SpyEye is an extremely sophisticated malware that automates the theft of confidential, personal and financial information such as online banking credentials, credit card information, usernames, passwords, PINs, and other personal identification information.
SpyEye works by secretly infecting the computers of victims to allow cyber criminals to remotely control infected computers through command and control servers. Once a computer is infected, cybercriminals can access the computers from remote locations and steal the victim’s personal and financial information through techniques like web injects, credit card grabbers and keystroke loggers. The data is then transferred to C2 servers where it is used to steal money from the financial accounts of the victims.
Panin was the principal developer and distributor of the SpyEye virus. He operated from Russia from 2009 to 2011, while conspiring with others to develop, market and sell several versions of this virus and component parts on the Internet. He also allowed cybercriminals to order tailor-made versions of the malware to obtain personal and financial information of victims. He also marketed versions targeted at specific financial institutions.
According to information received from the financial industry, in 2013 alone, at least 10,000 bank accounts had been compromised by SpyEye infections. A C2 server searched and seized in 2011 by the FBI showed at least 200 computers controlled by one server.
The Federal Bureau of Investigation led an international manhunt against Panin and his associate Hamza Bendelladj. Panin was arrested in July, 2013 at the Hartsfield-Jackson Atlanta International Airport. His associate was arrested from Suvarnabhumi Airport in Bangkok, Thailand.