A citizen of the former USSR living in Riga, Latvia, received three charges related to the operation of “Scan4you”, an online anti-virus service. The service helped hackers evade anti-malware solutions, the US Department of Justice announced.
Court files reveal that from 2009 to 2015, 37-year-old Ruslans Bondars used Scan4you. The service allowed malicious software developers to exploit vulnerabilities in antivirus software that protects millions of systems belonging to the largest US entrepreneurs, financial institutions and government agencies.
One example of the effects of Scan4you’s activity is a case in which the service helped to steal 40 million credit and debit card numbers, as well as about 70 million addresses, telephone numbers and other personal data of US citizens. One of the affected companies then calculated a loss of 290 million dollars.
The perpetrators, who concealed their virus under the name Citadel, infected more than 11 million computers around the world with malicious code. They also used Scan4you to get past security products and hide their program. The developers of Citadel caused their victims about 500 million dollars in harm.
“Trojan horses like Citadel operate in hiding and take control of the victim’s machine. They can send their creator data, captured passwords and files stored on disk,” says Mariusz Politowicz, technical engineer at Bitdefender from Marken. “The Citadel virus was a modified version of the Zeus Trojan that targeted bank users. In most cases, it was used to steal banking credentials or other confidential information that could have been found on victims’ computers,” he adds.
“The creator of the malicious code used the special function of Scan4you, which enabled the implementation of the said spyware system through the Application Programming Interface (API). The tool allowed the user to scan malware without the need for a direct upload to the Scan4you website,” we read in the statement of the Department of Justice.
Unlike legitimate file-scanning services, Scan4you was designed to diagnose malicious software submitted anonymously, without sharing information about the transferred files with a known virus database.