Russian sentenced to five years prison for 'Citadel' malware

A Russian man who US prosecutors say played a role in developing the Citadel malware used to steal personal financial information from thousands of computers worldwide has been sentenced to five years in prison.

Mark Vartanyan, known online as "Kolypto," was sentenced by US district court judge Mark Cohen in Atlanta after pleading guilty in March to computer fraud, federal prosecutors said.

The sentence includes credit for the two years Vartanyan spent in Norwegian custody before he was extradited to the United States in December. A lawyer for Vartanyan declined to comment.

Prosecutors said Vartanyan, from 2012 to 2014 while living in the Ukraine and Norway, helped develop, improve, and maintain Citadel, which was designed to steal financial and personal identification information from computer networks.

Citing industry estimates, prosecutors said Citadel infected about 11 million computers worldwide and caused over US$500 million in losses.

"Mark Vartanyan utilised his technical expertise to enable Citadel into becoming one of the most pernicious malware toolkits of its time, and for that, he will serve significant time in federal prison," US attorney John Horn said in a statement.

Vartanyan was the second person to be sentenced in connection with the investigation of the Citadel malware.

In 2015, Dimitry Belorossov, a Russian national who prosecutors said distributed and installed Citadel onto computers, was sentenced to 4.5 years in prison after pleading guilty to conspiring to commit computer fraud.