Federal prosecutors say a sophisticated malware package designed to steal banking and other credentials from infected computers has been disrupted, and charges have been filed against a Moldovan administrator of the botnet known as “Bugat,” “Cridex” or “Dridex.” Actions taken by the U.K. and the U.S. substantially disrupted the botnet.
Andrey Ghinkul, 30, of Moldova, was charged in a nine-count indictment with criminal conspiracy, unauthorized computer access with intent to defraud, damaging a computer, wire fraud and bank fraud. Ghinkul was arrested on Aug. 28, 2015 in Cyprus. The United States is seeking his extradition.
“The steps announced today are another example of our global and innovative approach to combating cybercrime,” said Assistant Attorney General Leslie R. Caldwell. “The Bugat/Dridex botnet, run by criminals in Moldova and elsewhere, harmed American citizens and entities. With our partners here and overseas, we will shut down these cross-border criminal schemes.”
According to the indictment, Ghinkul was part of a criminal conspiracy that disseminated Bugat, which is a multifunction malware package that automates the theft of confidential personal and financial information, such as online banking credentials, from infected computers through the use of keystroke logging and web injects.
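To make the “web inject” technique concrete, here is an added illustration (not Bugat/Dridex code, and not from the indictment) of what an inject does to a bank login page and of the check a bank can run against it. The rule format (set_url / data_before / data_inject / data_after) is the Zeus-style inject configuration used by several banking trojan families and is assumed here for illustration; the bank URL, the login page and the injected “atm_pin” field are constructed.

```python
"""Web inject illustration plus a defender-side check.

Added example, not Bugat/Dridex code. The inject rule format
(set_url / data_before / data_inject / data_after) is the Zeus-style
configuration format, assumed here for illustration; the page, the
URL and the "atm_pin" field are constructed.
"""
import re
from html.parser import HTMLParser

# Constructed inject rule: match a URL, find an anchor in the page,
# splice HTML in after it so the victim is asked for data the bank
# never requests.
INJECT_RULE = {
    "set_url": "https://bank.example/login*",
    "data_before": '<input type="password" name="password">',
    "data_inject": '<label>ATM PIN</label><input type="password" name="atm_pin">',
    "data_after": "",
}

# Constructed login page as the bank actually serves it.
ORIGINAL_PAGE = """<html><body>
<form action="/login" method="post">
<input type="text" name="username">
<input type="password" name="password">
<input type="submit" value="Sign in">
</form></body></html>"""


def url_matches(pattern: str, url: str) -> bool:
    """Glob-style match as inject configs use ('*' = any run of chars)."""
    regex = "^" + ".*".join(re.escape(p) for p in pattern.split("*")) + "$"
    return re.match(regex, url) is not None


def apply_inject(rule: dict, url: str, html: str) -> str:
    """What the malware does inside the browser: rewrite the page
    between data_before and data_after. Pages that do not match the
    rule, or lack the anchor, are returned untouched."""
    if not url_matches(rule["set_url"], url):
        return html
    start = html.find(rule["data_before"])
    if start == -1:
        return html
    start += len(rule["data_before"])
    if rule["data_after"]:
        end = html.find(rule["data_after"], start)
        if end == -1:
            return html
    else:
        end = start  # empty data_after: insert right after the anchor
    return html[:start] + rule["data_inject"] + html[end:]


class FormFieldCollector(HTMLParser):
    """Collects the name= attribute of every <input> in the page."""

    def __init__(self):
        super().__init__()
        self.fields = []

    def handle_starttag(self, tag, attrs):
        if tag == "input":
            name = dict(attrs).get("name")
            if name:
                self.fields.append(name)


def form_fields(html: str) -> list:
    parser = FormFieldCollector()
    parser.feed(html)
    return parser.fields


def unexpected_fields(served_html: str, rendered_html: str) -> set:
    """Defender check: the bank knows which fields its form contains.
    Any field present in what the client rendered (or POSTs back) but
    absent from the served form is evidence of a web inject."""
    return set(form_fields(rendered_html)) - set(form_fields(served_html))


if __name__ == "__main__":
    url = "https://bank.example/login?lang=en"
    tampered = apply_inject(INJECT_RULE, url, ORIGINAL_PAGE)
    print(tampered)
    print("unexpected fields:", unexpected_fields(ORIGINAL_PAGE, tampered))
```

The same comparison works server-side on the submitted POST body: a login request carrying parameters the form never had is a strong signal that the customer's browser was tampered with, which is more reliable than trying to detect the malware on the endpoint.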
It is generally distributed through “phishing,” an email fraud method in which legitimate-looking emails are sent to victims in an attempt to obtain personal or financial information. Bugat is specifically designed to defeat antivirus and other protective measures employed by victims. The FBI estimates that at least $10 million in direct domestic losses can be attributed to Bugat.
Victims of Bugat/Dridex may use the following webpage created by US-CERT for assistance in removing the malware: https://www.us-cert.gov/dridex.
The indictment alleges that Ghinkul and his co-conspirators used the malware to steal banking credentials and then, using the stolen credentials, to initiate fraudulent electronic funds transfers of millions of dollars from the victims’ bank accounts into the accounts of money mules, who further transferred the stolen funds to other members of the conspiracy.