Law enforcement officials have dismantled a major global organized cybercrime network behind the GozNym banking malware, in a joint effort by a number of law enforcement agencies.
The GozNym banking malware is responsible for the theft of approximately $100 million from over 41,000 victims worldwide, largely in the United States and Europe, over a period of years.
As well as announcing the network takedown, the U.S. DoJ also declared that 10 persons involved in the operation were charged with conspiracy to commit computer fraud, conspiracy to commit wire fraud and bank fraud, and conspiracy to commit money laundering.
The co-conspirators reside in Russia, Georgia, Ukraine, Moldova and Bulgaria. Another member of the conspiracy was earlier charged in a related indictment.
The defendants allegedly conspired to infect victims’ machines with GozNym to capture online banking login IDs and then used the credentials to access victims’ online bank accounts and steal money from them. The funds were laundered using U.S. and foreign beneficiary bank accounts.
Krasimir Nikolov, of Varna, Bulgaria, was detained and deported to the United States in December 2016. Nikolov was a “casher” or “account takeover specialist” who accessed victims’ accounts and tried to steal money through transfers into bank accounts controlled by fellow co-conspirators.
Identified as a GozNym conspirator in the newly unsealed indictment, Nikolov is charged in a related indictment and entered a guilty plea on charges relating to the GozNym conspiracy on April 10, 2019. He is scheduled for sentencing on Aug. 30, 2019.
The indictment alleges that Alexander Konovolov, aka “NoNe” and “none_1,” age 35, of Tbilisi, Georgia, was the leader of the GozNym network and assembled the network by recruiting individuals through underground online criminal forums. Marat Kazandjian, aka “phant0m,” age 31, of Kazakhstan and Tbilisi, Georgia, was allegedly Konovolov’s assistant and technical administrator.
Gennady Kapkanov, aka “Hennadiy Kapkanov,” “flux,” “ffhost,” “firestarter,” and “User 41,” age 36, of Poltava, Ukraine, was an administrator of a bulletproof hosting service known as “Avalanche.” The network served Konovolov and Kazandjian, among others, and hosted more than 20 different malware campaigns, including GozNym.