Russian behind Citadel banking malware that led to $500m losses jailed for five years

Mark Vartanyan - who was working for an e-healthcare firm when he was arrested - follows fellow Russian Dimitry Belorossov into an American slammer

One of the Russian men behind the Citadel banking malware used to steal as much as $500m from bank accounts across the world has been jailed for five years in the US.

Mark Vartanyan, who had been living in Norway when he was apprehended, was extradited to the US in December 2016 to face charges. He had pleaded guilty and, according to prosecutors, had cooperated "from the start" with law enforcement authorities.

Also known as 'Kolypto', he pleaded guilty to conspiracy to commit computer fraud and therefore avoided the risk of a 25-year prison sentence. He was also given two years' 'credit' for the time he spent on remand in Norway while awaiting extradition.

In Norway, Vartanyan was working as the chief technical officer of an e-healthcare company called Dignio.

The Citadel malware was a widely distributed credential-stealing package built on the Zeus Trojan. The source code for Zeus, which included features for disabling anti-virus software in order to evade detection, was leaked in 2011 and widely used as the basis for a string of different malware packages.

Vartanyan took the Zeus source code and made a number of 'improvements' to it, working with fellow Russian Dimitry Belorossov, also known as 'RainerFox', who was sentenced to four-and-a-half years on similar charges in September 2015. He had been arrested while holidaying in Spain.

Citadel became one of the most widely used variants of Zeus due to the 'malware-as-a-service' model used to propagate the malware and to make money.

The pair made Citadel available for hire to third parties on an invitation-only, Russian-language crime forum on the so-called 'dark web', making it an early example of malware-as-a-service. That sales model may also, however, have enabled US law enforcement to track down and identify the pair behind Citadel.

The US government described Citadel as "one of the most advanced crimeware tools available in the underground market", and claimed that it had infected about 11 million PCs worldwide, causing losses of more than $500 million.

Prosecutor Steven Grimberg told the judge that Vartanyan had shown remorse and cooperated with the government, a factor behind the unusually low jail sentence for a crime of this type.