A Russian hacker who developed and sold the Gozi malware has been sentenced after the malware infected over one million computers and generated millions of dollars in criminal proceeds.
Nikita Kuzmin was sentenced in New York after being accused of creating financial malware dubbed Gozi. Over the course of its life, the malware has infected at least one million PCs and caused “tens of millions of dollars in losses,” according to US prosecutors.
The 28-year-old Russian citizen pleaded guilty to computer intrusion and fraud charges in 2011 and has now been sentenced. On Monday, US law enforcement revealed that the jail term was for time served, a total of 37 months.
Alongside time served, the cybercriminal must also pay damages of just under $7 million.
However, this is a drop in the bucket in comparison to how much prosecutors estimate Gozi has siphoned away from victims over the years. Although the exact figure is not known, it is believed to be at least tens of millions of dollars.
Gozi, first discovered in 2007, was spread through malicious .pdf documents attached to fraudulent emails. Once the file was opened, Gozi was downloaded onto the system and, at the time, went undetected by antivirus software. The malware then collected bank account information and user credentials and sent them to its operators, who used them to access online bank accounts and siphon away funds.
Eventually, a server was detected acting as the command and control (C&C) system for Gozi and containing roughly 10,000 account records belonging to 5,200 victims. The records also included account credentials for users at over 300 companies, including “leading global banks and financial services firms,” according to law enforcement.
Kuzmin also sold the malware to other hackers. Trading as “76,” the Russian made at least $250,000 renting and selling the malicious code to others. Throughout the case, Kuzmin was labelled the “pioneer” of today’s business model in which cybercriminals act as service providers to others by developing and renting out malware.
Gozi could be rented for $500 a week and supported customised web injections, letting renters target specific banks. The malware would collect data and send it to the C&C, where renters could access it as long as they had paid their weekly fee.
Victims of the malware can be found worldwide, including in the US, UK, Germany, France and Italy. NASA was one of Gozi’s most high-profile targets.
The source code for Gozi was leaked publicly in 2010, and a modified version of Gozi also went public in 2015.
In January, Deniss Calovskis was sentenced to time served, 21 months, for writing the web-injection code that Gozi used against victim banks.
Gozi may be old malware, but its presence still impacts the cybersecurity landscape. According to IBM, the malware’s code has been used to create a new hybrid Trojan called GozNym, which is currently being used in active campaigns against US and European banks.