Coder of a Notorious Bank-Hacking Tool Pleads Guilty

A Russian hacker who developed the widely used SpyEye banking trojan pleaded guilty today to creating the malicious toolkit, one of the most popular hacking tools of the past two years.

Aleksandr Andreevich Panin, known online as “Gribodemon” and “Harderman,” was convicted in Atlanta of conspiracy to commit wire and bank fraud, charges stemming from his role as the primary developer and distributor of a sophisticated toolkit that allowed thieves to steal millions of dollars from victims.

Interpol agents arrested the 24-year-old in the Dominican Republic in June, then handed him over to U.S. authorities. Documents related to the case remained sealed until today’s plea hearing in the Northern District of Georgia.

SpyEye was among the most popular malware toolkits from 2009 until 2011 and is believed to have infected more than 1.4 million computers in the United States and elsewhere. The software allowed hackers to steal banking credentials, credit card data and other information, which thieves used to siphon money from the victims’ banking accounts and make fraudulent charges to their credit cards.

Panin created and polished the program and customized it for more than 150 customers, charging $1,000 to $8,000 a pop. The program could be configured to grab financial information from customers of specific banks, using web injects to display a fake bank web page and trick victims into entering their account credentials. Some versions were also used with a keystroke logger or data stealer to grab data.

Although antivirus and other security tools have been able to detect SpyEye for a couple of years, it remains an effective tool and authorities believe it compromised at least 10,000 bank accounts in 2013 alone.

Authorities did not say how much Panin earned from the sale of SpyEye or from using the toolkit himself, but a Russian cybergang led by someone known as “Soldier” used SpyEye to steal more than $3.2 million during a six-month period in 2011.
