Russian jailed in US over Citadel malware

A Russian national has been sentenced to 4.5 years in US prison for using sophisticated malware known as “Citadel” to try to steal banking information from thousands of computers, authorities said.

Dimitry Belorossov, 22, of St Petersburg, pleaded guilty in July 2014 to one count of conspiring to commit computer fraud for his role in a US$500 million global cyber crime scheme that infected more than 11 million computers worldwide.

US District Judge Thomas Thrash in Atlanta imposed the sentence, which also requires Belorossov to pay more than US$320,000 (A$457,758) in restitution.

Belorossov's lawyer did not immediately respond to a request for comment.

Citadel, which first appeared in 2011, was designed to capture banking and credit card information from computers and had the ability to block antivirus software.

Criminals installed the malware through malicious attachments contained in spam emails and other means. Belorossov, who used the online alias Rainerfox, downloaded one version of Citadel in 2012 and eventually gained access to more than 7000 computer systems, US authorities said.

Microsoft and the Federal Bureau of Investigation, working with authorities in dozens of countries, launched an assault in 2013 on the malicious computer networks that were used by the Citadel gang. The company said the attack had freed as many as five million personal computers from the malware.

The global crime ring was believed to have stolen more than US$500 million from dozens of financial institutions, including American Express, Bank of America, Citigroup, Credit Suisse, PayPal, HSBC, JPMorgan Chase, Royal Bank of Canada and Wells Fargo, Microsoft said in 2013.