Russian man gets four years in prison for distributing Citadel


A 22-year-old Russian man was sentenced to four years and six months in prison for widely distributing and installing a popular banking trojan known as Citadel, as well as for operating a Citadel botnet made up of thousands of machines.

Dimitry Belorossov – also known as Rainerfox – pleaded guilty in 2014 to conspiracy to commit computer fraud. In addition to the prison term, he will serve three years of supervised release and was ordered to pay $322,409.09 in restitution.

Citadel is designed to capture banking credentials, payment card data and other personal information. According to a release, Belorossov first downloaded a variant of the malware in 2012 and then leveraged it to amass a botnet of more than 7,000 machines.

“Belorossov's Citadel botnet contained personal information from the infected victim computers, including online banking credentials for U.S.-based financial institutions with federally insured deposits, credit card information, and other personally identifying information,” the release said.

In the release, Belorossov was said to have infected systems with Citadel using a variety of methods, including malicious attachments in spam emails and commercial advertisements containing the malware or links to the malware.

On top of distributing Citadel and operating the botnet, Belorossov also used criminal forums, email and instant messaging services to engage in discussions related to improving the malware, the release explained.

In 2012, Belorossov posted on the online forum Citadelmovement[dot]com.

“In those postings, which were in Russian, Belorossov shared his concurrence with the improvements to Citadel recommended by others and commented on the efficacy of additional criminal functions other customers had recommended as enhancements to the Citadel malware,” the release said.

Belorossov committed the computer hacking offenses in Russia, but was arrested by U.S. law enforcement partners in Spain.
