US Justice Dept. Convicts Two Romanians of Cybercrimes Including Cryptojacking

Published at: April 13, 2019

A federal jury has convicted two Romanian men of spreading malware to steal credit card credentials and illicitly mine cryptocurrency, according to an announcement published on the official website of the United States Department of Justice on April 11.

The malware allegedly spread by the suspects was reportedly used for cryptojacking and to steal credit card and other data, which the suspects then sold on darknet markets and used to carry out online auction fraud.

As the Justice Department press release reports, Bogdan Nicolescu, 36, and Radu Miclaus, 37, were convicted after a 12-day trial.

The two individuals were charged with wire fraud, conspiracy to traffic in counterfeit service marks, aggravated identity theft, conspiracy to commit money laundering and 12 counts each of wire fraud.

The two are scheduled to be sentenced on August 14 this year in the Northern District of Ohio.

The activity was allegedly conducted as a “criminal conspiracy” from Bucharest, Romania, by the aforementioned suspects and another person who pleaded guilty. The malware itself was reportedly developed in 2007 and then spread via emails posing as legitimate communications from entities like Western Union, Norton AntiVirus and the Internal Revenue Service.

As the press release explains, recipients who opened the file attached to such an email had malware installed on their devices. The malware also harvested email addresses from the victims' contact lists. The infected computers reportedly went on to register over 100,000 AOL email accounts, which were used to spread the malware further by sending millions of emails to the stolen addresses.

The virus also purportedly redirected traffic destined for major websites such as Facebook, PayPal and eBay to near-identical phishing copies built to capture access credentials. The stolen credentials were reportedly used to rent server space, register domain names and pay for anonymization services.
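The article does not say which mechanism the malware used to redirect traffic to its look-alike sites. As an added illustration (not code from the article or the case), the check below assumes one common mechanism, a tampered local hosts file, and scans hosts-file text for entries that point the brands named above at an external address; the watched-domain list and the sample hosts content are constructed for the example.

```python
"""Flag hosts-file entries that redirect well-known domains (added example).

Assumption (not stated in the article): the redirection is done by adding
entries to the local hosts file. Entries that map a watched domain, or any
subdomain of it, to a non-loopback address are reported as suspicious.
"""
import ipaddress

# Domains the article names as redirection targets; constructed watch list.
WATCHED_DOMAINS = ("facebook.com", "paypal.com", "ebay.com")


def _is_watched(hostname: str) -> bool:
    """True if hostname equals, or is a subdomain of, a watched domain."""
    host = hostname.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in WATCHED_DOMAINS)


def find_hijacked_entries(hosts_text: str) -> list:
    """Return (line_number, hostname, address) for each suspicious entry.

    Comments (anything after '#') and blank lines are skipped. Loopback and
    unspecified addresses (127.0.0.1, ::1, 0.0.0.0) are treated as benign
    sinkholing, e.g. ad blocking, rather than redirection to another host.
    """
    findings = []
    for lineno, raw in enumerate(hosts_text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.split()
        try:
            addr = ipaddress.ip_address(parts[0])
        except ValueError:
            continue  # first field is not an IP address: not a hosts entry
        if addr.is_loopback or addr.is_unspecified:
            continue
        for hostname in parts[1:]:
            if _is_watched(hostname):
                findings.append((lineno, hostname.lower().rstrip("."), str(addr)))
    return findings


# Constructed sample hosts-file content (documentation-range addresses).
SAMPLE_HOSTS = """\
127.0.0.1   localhost
::1         localhost
# ad-blocking style entry: sinkholed, not redirected
0.0.0.0     ads.example.net
203.0.113.7 www.facebook.com facebook.com   # brand pointed at external host
203.0.113.7 www.paypal.com
198.51.100.4 www.ebay.com
"""

if __name__ == "__main__":
    for lineno, host, addr in find_hijacked_entries(SAMPLE_HOSTS):
        print(f"line {lineno}: {host} -> {addr}")
```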

Lastly, the press release specifies that the case was jointly investigated by the U.S. Federal Bureau of Investigation (FBI) and the Romanian National Police.

As Cointelegraph reported earlier this week, Bitcoin (BTC) wallet service Electrum is facing an ongoing Denial-of-Service attack on its servers and users have reportedly lost millions of dollars.

In a report from last month by AT&T Cybersecurity, it was revealed that cryptocurrency mining is one of the most observed objectives of hackers attacking businesses’ cloud infrastructures.

At the end of March, news broke that a new strain of Trojan malware for Android phones is targeting global users of top crypto apps such as Coinbase, BitPay and Bitcoin Wallet, as well as banks including JPMorgan, Wells Fargo, and Bank of America.
