Romanian hacker faces US trial over virus for hire service

The Department of Justice (DOJ) announced today that it had extradited dual Romanian / Latvian national Mihai Ionut Paunescu — known as “Virus” — to the US from Colombia for allegedly designing malware used to steal money from bank accounts across the world and operating the infrastructure used to distribute it.

Paunescu is alleged to be one of the creators of the Gozi Virus, a Trojan that infected millions of computers in countries including the US, UK, Germany, Italy, and Finland between 2007 and 2012. Distributed through corrupted PDF documents, the Gozi Virus captured banking login details and passwords from infected machines, allowing its creators to steal tens of millions of dollars from bank accounts around the world.

According to an indictment filed in 2013 in the Southern District Court of New York, Paunescu also ran a “bulletproof hosting” service that was rented out to other cybercriminals, providing servers that could be used for online criminal activity like distributing malware and controlling botnets while keeping the operators’ identities anonymous.

The indictment also claims that NASA was a victim of the malware, with one of the allegations stating:

From in or about late 2011 through at least in or about mid-2012, MIHAI IONUT PAUNESCU a/k/a/ “Virus” … caused approximately 60 computers belonging to the National Aeronautics and Space Administration (“NASA”) to be infected with the Gozi Virus, resulting in approximately $19,000 in losses to NASA.

Per other details shared by US prosecutors, Paunescu was also a pioneer of a financial model that has now become commonplace, where he would rent access to the virus and its proceeds to other cybercriminals rather than using it himself. Paunescu allegedly charged $500 per week to use the Gozi Virus as a service.

In the aftermath of the Gozi Virus’ main activity period, Paunescu was arrested in Romania in 2012 but managed to avoid extradition after being released on bail. Almost 10 years later, he was caught in Colombia in June 2021 after being detained at Bogota airport, according to Colombia’s attorney general.

In a statement, Damian Williams, US attorney for the Southern District of New York, emphasized the willingness of prosecutors and law enforcement agencies to track cyber criminals over the long term.

“Even though he was initially arrested in 2012, Paunescu will finally be held accountable inside a U.S. courtroom,” Williams said. “This case demonstrates that we will work with our law enforcement partners here and abroad to pursue cyber criminals who target Americans, no matter how long it takes.”

Previously, another Latvian programmer involved in designing the virus was also extradited to the US and sentenced to 37 months in prison and a $7 million fine after taking a plea bargain.

So-called “bulletproof” hosting services play a crucial role in enabling global cybercrime, but operators often escape prosecution by hiding their identities or basing their activities in obscure locations. In 2019, police in Germany raided a former NATO bunker that had been converted into a bulletproof hosting data center by a Dutch national who had bought it from local authorities.
