US charges Dridex banking trojan operators, offers $5m bounty

Travel could get complicated for Dridex operator after US indictment. Credit: Freelance sourced

The US Department of Justice (DoJ) has charged two Russian nationals with running a multi-million dollar malware operation using the infamous banking trojan Dridex.  

The DoJ revealed the indictments on Thursday, detailing charges against Maksim V. Yakubets and Igor Turashev.

Yakubets, 32, from Moscow, is accused of running computer hacking and bank fraud schemes for the past decade using the Dridex and Zeus banking trojans.

Turashev, 38, allegedly acted as a sysadmin for the operation, managing the malware operation's internal control panel and overseeing the Dridex botnet.

According to the UK’s National Crime Agency (NCA), which assisted US prosecutors, Yakubets ran the “world’s most harmful cybercrime group” called Evil Corp. The NCA alleges Evil Corp stole from UK businesses and individuals for over a decade.

The NCA highlighted that Yakubets, who uses the pseudonym ‘Aqua’, owns a customised Lamborghini supercar with a numberplate that translates to ‘thief’.

While Dridex and Zeus victims are spread across the globe, the pair are being charged for specific attacks on “two banks, a school district, and four companies including a petroleum business, building materials supply company, vacuum and thin film deposition technology company and metal manufacturer in the Western District of Pennsylvania and a firearm manufacturer”, according to the DoJ.

The FBI also accused Yakubets of conspiracy to commit bank fraud in connection with the “Zeus” malware from 2009, infecting thousands of business computers with malware to capture online banking credentials to steal money from online accounts.

The charges, however, focus on attacks Yakubets allegedly carried out on 21 US municipalities, banks, companies, and non-profit organizations in California, Illinois, Iowa, Kentucky, Maine, Massachusetts, New Mexico, North Carolina, Ohio, Texas, and Washington.

Yakubets is accused of using Zeus malware in an attempt to steal USD$220 million, and of actually stealing USD$70 million from victims’ bank accounts.

Yakubets didn’t actually run Zeus, but, according to the FBI, he allegedly gave money mules the credential information required to move and withdraw money from compromised bank accounts.

For the past decade Zeus has posed a threat to computer users across the world from phishing emails designed to steal credentials for online banking accounts. 

The FBI has posted a $5 million reward for information leading to the arrest of Yakubets. It’s also posted a “wanted” notice for Turashev.  

The US charges put serious restrictions on Yakubets’ future travel plans unless he has well-crafted fake travel documents. The NCA threatens he will be arrested if he leaves Russia and that he will be extradited to the US if caught. 

“The work carried out by the NCA and its partners means he has now been exposed to the world and will be subject to significant international scrutiny. It also restricts his ability to operate with other criminals who will find him toxic to deal with,” the NCA said.  
