US Jails NeverQuest Malware Creator for 4 Years

A Russian hacker who created a piece of malware to steal money from bank accounts has been jailed for four years by a United States court. 

Stanislav Vitaliyevich Lisov was arrested by Spanish authorities at Barcelona–El Prat Airport on January 13, 2017, at the request of the FBI, then extradited to the United States on January 19, 2018. 

Lisov is the creator of the banking Trojan NeverQuest and was part of a criminal enterprise that used the malware in attempts to steal $4.4M from the bank accounts of hundreds of victims.

The 34-year-old pleaded guilty to one count of conspiracy to commit computer hacking. He was handed a four-year custodial sentence yesterday by the United States District Court for the Southern District of New York.

In addition to his prison term, Lisov was sentenced to three years of supervised release and was ordered to pay forfeiture of $50,000 and restitution of $481,388.04.

The US Department of Justice stated that Lisov and his co-conspirators used social media, phishing emails, and file transfer services to distribute the NeverQuest banking Trojan worldwide between June 2012 and January 2015. Exploit kits or drive-by downloads were used as initial infection vectors.

Once surreptitiously installed on a victim’s computer, NeverQuest was able to identify when a victim attempted to log on to an online banking website and transfer the victim’s login credentials—including his or her username and password—back to a computer server used to administer the NeverQuest malware.

NeverQuest administrators were able to remotely control a victim’s computer and log in to the victim’s online banking or other financial accounts, transfer money to other accounts, change login credentials, write online checks, and purchase goods from online vendors.

US Attorney Geoffrey S. Berman stated: "This type of cybercrime threatens personal privacy and harms financial institutions. Lisov’s arrest, extradition, conviction, and prison sentence should send an unmistakable message about this Office’s firm commitment to prosecuting hackers—domestic and foreign alike."

Lisov was responsible for key aspects of the creation and administration of a network of victim computers, known as a "botnet," that was infected with NeverQuest. One of his roles was to rent and pay for the computer servers used to manage the botnet of computers that had been compromised by NeverQuest.

Those computer servers contained lists with approximately 1.7 million stolen login credentials for victims’ accounts on banking and other financial websites.
