Law enforcement agencies in Cyprus and Norway have arrested two men considered to be key players in the creation and distribution of Dridex and Citadel, respectively, two very powerful and highly efficient banking trojans.
The first is an unnamed 30-year-old man from the Republic of Moldavia, whom authorities arrested while he was trying to cheat a bank out of $3.5 million / €3.12 million.
The man was detained in a rented house in Paphos, a vacation town in Cyprus, where he was temporarily living with his wife.
The arrest was carried out after an anonymous tip was received, and sources close to the investigation claim the man was a key figure in an international organized crime gang responsible for distributing the Dridex (Cridex, Bugat, Dyre) banking trojan, as security researcher Brian Krebs reports.
The man in question also seems to have been part of the famous Business Club APT group, which operated the Gameover Zeus botnet that infected over 500 million PCs and was responsible for stealing around $100 million / €90 million from various banking and financial institutions.
Meanwhile in Norway…
Eleven months earlier in Fredrikstad, Norway, a 27-year-old Russian man known as Mark was also arrested and detained at the FBI’s request.
According to a Norwegian newspaper, the man has been charged with running the Citadel malware-as-a-service product, used previously to infect users with spyware and exfiltrate banking-related details by logging keystrokes and capturing video and images from the victim’s computer.
Citadel has operated since 2012, and there are known cases in which it was also used to distribute the Reveton ransomware.
According to sources in the US Justice Department, investigators have solid evidence that Mark is actually Aquabox, Citadel’s creator and proprietor.
The Russian man has been held under house arrest for the past 11 months, with authorities waiting until extradition procedures to the US are completed.
As with Mark, Dridex’s creator is now also facing extradition to the US.