Zeus Botnet Suspected Leader Arrested in Geneva

Swiss authorities have apprehended a Ukrainian national wanted by the Federal Bureau of Investigation (FBI) for 12 years for connections with a cyber-criminal group that stole millions of dollars from bank accounts using malware called Zeus.

Vyacheslav Igorevich Penchukov was arrested in Geneva on October 23, 2022, and is now pending extradition to the US, reported independent security journalist Brian Krebs.

Penchukov was first named in a 2012 indictment by the US Department of Justice, alongside Ivan Viktorvich Klepikov and Alexey Dmitrievich Bron, as one of the leaders in the JabberZeus Crew, a small cyber-criminal gang from Ukraine and Russia that attacked victims with a customized version of the Zeus banking Trojan.

"The indictment alleges that the 'Zeus' malware captured passwords, account numbers, and other information necessary to log into online banking accounts," read the court document at the time. "The conspirators allegedly used the information captured by 'Zeus' to steal millions of dollars from victims' bank accounts."

Two additional members of JabberZeus, Yevhen Kulibaba and Yuriy Konovalenko, pleaded guilty in November 2014 after being arrested and deported from the UK. They were sentenced to two years and 10 months of incarceration a year later.

All participants in the gang were accused of conspiracy to commit computer fraud and identity theft, conspiracy to participate in racketeering activity, aggravated identity theft and several counts of bank fraud.

The crew's name derived from the malware they used, which was configured to send them a Jabber instant message every time a new victim entered a one-time password (OTP) code into a phishing page mimicking their bank.

According to Krebs, the JabberZeus gang mainly targeted small and mid-sized businesses, and its members were pioneers of the so-called 'man-in-the-browser' attacks.

After accessing victims' bank accounts, the hackers would modify the firm's payroll to include dozens of 'money mules' who would handle bank transfers and forward any stolen payroll deposits overseas.

The original version of the Zeus banking Trojan was allegedly created by an anonymous individual known by the handle "lucky12345," as per a Wired report from 2017.

The Zeus criminal group has now reportedly been dismantled, but years later, banking Trojans remain a pressing issue in the cybersecurity community.
