Russian Hacker Who Used NeverQuest Malware to Rip Off Bank Accounts Sentenced

Geoffrey S. Berman, the United States Attorney for the Southern District of New York, announced that STANISLAV VITALIYEVICH LISOV, a/k/a “Black,” a/k/a “Blackf” (“LISOV”), was sentenced to 48 months in prison Nov. 21 for conspiring to deploy and use a type of malicious software known as NeverQuest to infect the computers of unwitting victims, steal their login information for online banking accounts, and use that information to steal money out of the victims’ accounts.  NeverQuest has been responsible for millions of dollars’ worth of attempts by hackers to steal money out of victims’ bank accounts.  LISOV was sentenced by U.S. District Judge Valerie E. Caproni, who presided over his guilty plea earlier this year.

U.S. Attorney Geoffrey S. Berman stated:  “Stanislav Vitaliyevich Lisov, a Russian hacker, used malware to infect victims’ computers, obtain their login credentials for online banking accounts, and steal money from their accounts.  This type of cybercrime threatens personal privacy and harms financial institutions.  Lisov’s arrest, extradition, conviction, and prison sentence should send an unmistakable message about this Office’s firm commitment to prosecuting hackers – domestic and foreign alike.”

According to the allegations in the Indictment to which LISOV pled guilty, public court filings, and statements made in court:

NeverQuest is a type of malicious software, or malware, known as a banking Trojan. It can be introduced to victims’ computers through social media websites, phishing emails, or file transfers.  Once surreptitiously installed on a victim’s computer, NeverQuest is able to identify when a victim attempted to log onto an online banking website and transfer the victim’s login credentials – including his or her username and password – back to a computer server used to administer the NeverQuest malware.  Once surreptitiously installed, NeverQuest enables its administrators remotely to control a victim’s computer and log into the victim’s online banking or other financial accounts, transfer money to other accounts, change login credentials, write online checks, and purchase goods from online vendors.

Between June 2012 and January 2015, LISOV was responsible for key aspects of the creation and administration of a network of victim computers known as a “botnet” that was infected with NeverQuest.  Among other things, LISOV maintained infrastructure for this criminal enterprise, including by renting and paying for computer servers used to manage the botnet that had been compromised by NeverQuest.  Those computer servers contained lists with approximately 1.7 million stolen login credentials – including usernames, passwords, and security questions and answers – for victims’ accounts on banking and other financial websites.  LISOV had administrative-level access to those computer servers.

LISOV also personally harvested login information from unwitting victims of NeverQuest malware, including usernames, passwords, and security questions and answers.  In addition, LISOV discussed trafficking in stolen login information and personally identifying information of victims.

On January 13, 2017, LISOV was arrested in Spain pursuant to a provisional arrest warrant.  On January 19, 2018, LISOV was extradited from Spain to the United States.

Read more at the Justice Department

(Visited 26 times, 1 visits today)

The Government Technology & Services Coalition's Homeland Security Today (HSToday) is the premier news and information resource for the homeland security community, dedicated to elevating the discussions and insights that can support a safe and secure nation. A non-profit magazine and media platform, HSToday provides readers with the whole story, placing facts and comments in context to inform debate and drive realistic solutions to some of the nation’s most vexing security challenges.

Leave a Reply

Latest from Cybersecurity

Tenable Acquires Indegy

Tenable, Inc has acquired Indegy Ltd, an industrial cybersecurity firm which provides

SIGN UP NOW for FREE News & Analysis on topics of your choice across homeland security!

BEYOND POLITICS.  IT'S ABOUT THE MISSION. 

Go to Top
Malcare WordPress Security