Hacker arrested for selling bank accounts of US, Canadian users

Ukraine's cyber police arrested a 31-year-old for running a cybercrime operation that gained access to bank accounts of American and Canadian users and sold them on the dark web.

The suspect distributed trojanized software as free resources using several websites that he administered. He also promoted these sites through advertising campaigns.

The police note that the suspect distributed software for both desktop and mobile (Android) operating system.

"To distribute his virus, the hacker created and administered several websites, offering users to download various software for free," reads the police's announcement.

"The suspect launched an entire advertising campaign on the internet to "promote" the controlled web resources."

Suspect's computer desk
Suspect's computer desk (cyberpolice.gov.ua)

The payloads infected the victims' devices and siphoned sensitive data to the hacker, who used it to hack into the victim's Google accounts and online banking.

The hacker then sold access to the breached accounts to other cybercriminals over the dark web, arranging payments in Bitcoins after contacting them over the phone using a Russian number.

The Ukrainian authorities say that the suspect had accomplices for this activity, who maintained darknet accounts. Their identities is currently unknown but authorities are looking to learn who they are during the investigation.

The press release from the police also mentions that the hacker has been active since 2017 and pivoted to phishing in 2021. Preliminary details confirmed that the cybercriminal obtained at least $92,000 from his activity, but that figure is likely to be much higher.

The arrest occurred on February 14, at the suspect's home. The police confiscated various items during three separate searches, including a luxury Mercedes-Benz SUV worth around $65,000.

For his criminal activity, the suspect now faces up to 8 years of prison and the confiscation of all property, for violations in the Criminal Code of Ukraine - Part 2 of Article 209 (laundering of property obtained by criminal means), Part 2 of Article 361 (unauthorized interference with the operation of information systems, electronic communication networks), and Part 1 of Article 361-1 (creation for the purpose of illegal use, distribution, or sale of harmful software or technical means, as well as their distribution or sale).

To reduce the risk of malware infections while searching for specific software tools, users should exercise caution with promoted results in Google Search and verify that the loaded site is the official one from the vendor.

It is also a good idea to use an ad-blocker that can automatically hide promoted results on Google Search, safeguarding online activities from malvertising threats.

Related Articles:

FBI seizes Warzone RAT infrastructure, arrests malware vendor

Police disrupt Grandoreiro banking malware operation, make arrests

Germany takes down cybercrime market with over 180,000 users

Zeus, IcedID malware gangs leader pleads guilty, faces 40 years in prison

Facebook ads push new Ov3r_Stealer password-stealing malware