A Bulgarian national extradited from his home country has been charged with a number of hacking offences after making an appearance at a US court earlier this week.
Krasimir Nikolov appeared before a federal grand jury in Pittsburgh on Monday after being arrested during a multi-agency operation to break up the Avalanche cyber crime network, which was thought to be one of the largest botnets on the planet.
The 44-year-old, who was flown from his home in Varna by US marshals on Saturday night, was charged with bank fraud, criminal conspiracy and unauthorised access to a computer to obtain financial information. Prosecutors accuse Nikolov of using a malware package called GozNym to steal financial information from local businesses.
The court heard that Nikolov is alleged to have attempted to use devices infected with the malware to funnel $1.5 million (€1.41 million) from the bank accounts of two companies in western Pennsylvania and two in California to money mules based in the US, who would have been instructed to use their own banking facilities to transfer the funds out of the country.
A statement from Soo Song, Acting US Attorney for the Western District of Pennsylvania, who oversaw Nikolov’s indictment, said: “GozNym malware has been used to target private businesses and their respective financial institutions in the United States since late 2015.
“Victims receive phishing emails containing a hyperlink or an attachment designed to look like a legitimate business invoice. By clicking on the hyperlink or attachment, the victim’s computer becomes infected with the GozNym malware.
“The malware steals the victim’s online banking login credentials which the criminals then use to access the victim’s bank account and issue unauthorised wire transfers.”
Nikolov, who is thought to be a member of the hacking team that wrote the GozNym virus, faces a prison sentence of up to 100 years and a maximum fine of $3.5 million if convicted of the charges he faces.
GozNym is just one of a number of malware strains that were distributed by the Avalanche network, which was thought to have been made up of as many as 500,000 infected devices in more than 180 countries. At its peak, the botnet was thought to host 17 different types of highly infectious malware, including pandabanker, urlzone and loosemailsniffer.
In a statement issued after the conclusion of the operation to take down the Avalanche botnet, Scott Smith, Assistant Director of the FBI’s Cyber Division, said: “Cyber criminals can victimise millions of users in a moment from anywhere in the world. This takedown highlights the importance of collaborating with our international law enforcement partners against this evolution of organised crime in the virtual [world].”