Law enforcement in Colombia has arrested an alleged cybercriminal who had distributed the Gozi Trojan.
The Romanian national, Mihai Ionut Paunescu, also known as “Virus,” was one of three major suspects considered to be responsible for the spread of the virus that affected more than a million PCs between 2007 and 2012.
He was arrested at Bogotá El Dorado international airport and faces extradition to the United States on charges of running a bulletproof hosting service.
Paunescu was previously arrested in his home country in 2012 but was able to avoid extradition.
Bulletproof hosting is usually used by cybercriminals as backend infrastructure to distribute spam, malware, and exploit kits, and to host stolen data. These online services turn a blind eye to the activities of their customers.
Paunescu faces allegations of computer intrusion and financial fraud at the Southern District Court of New York.
The Gozi banking Trojan, first discovered in 2007, was spread through weaponized PDF documents attached to emails. When downloaded, the malware would lurk in the background and collect bank account information and account details, which were then sent to the Trojan’s command-and-control (C2) server for operators to use in accessing accounts and conducting fraudulent transactions.
The threat actors rented out the malware and its infrastructure for $500 a week, an arrangement considered an early form of today’s Malware-as-a-Service (MaaS) criminal setups.
Gozi’s source code was leaked in 2010, and many variants were created that are still in active use.
In 2016, the Russian creator of Gozi, Nikita “76” Kuzmin, was sentenced in a US court after pleading guilty to various computer intrusion and fraud charges.
It is estimated that the malware caused losses to victims amounting to tens of millions of dollars.