US indicts two suspects behind Evil Corp and Dridex banking malware
The US Department of Justice has charged two Russians over their alleged involvement in attacks using the Dridex banking malware. They are said to have been using the financial malware since 2009 and to have caused tens of millions of euros in damage.
The two suspects are a 32-year-old Russian who operates online under the name ‘aqua’ and a 38-year-old accomplice. They are alleged to have used the banking malware Dridex, also known as Cridex and Bugat, to commit fraud from May 2009 onward. The US is offering a $5 million reward for information leading to the arrest of the prime suspect, the 32-year-old. According to the department, such a high reward has never before been offered for a cybercriminal.
The two have been charged with conspiracy, illegal hacking, fraud and the distribution of the malware. The malware was originally intended to automatically extract personal data, such as victims’ banking information, from infected systems, but its functionality gradually expanded. For example, the malware was able to hijack internet sessions and present victims with fake banking sites to intercept their login details. Later versions also allowed the installation of ransomware. Previous reports show that the malware could, among other things, masquerade as a certificate to deceive security software and exploit a vulnerability in Word for its distribution.
The 32-year-old Russian is said to have been the leader of a network of criminals who developed the malware under the name Evil Corp and used it to extort money from people. According to the US, he oversaw development, management, distribution and infections, as well as the use of money mules to funnel money through bank accounts. His 38-year-old accomplice was reportedly responsible for system administration and the management of the control panel and botnets.
In addition to Dridex, the suspects are alleged to have used the Zeus malware. As part of this case, two co-offenders from Ukraine are said to have been extradited from the UK to the US, where they pleaded guilty in 2015.