Bayrob Malware Developers Selling Non-Existent Cars Receive Long Prison Terms

Tomcat



Back in 2016, three members of the Bayrob hack group were extradited to the United States. Law enforcement officials said that Romanian citizens Bogdan Nicolescu (aka Masterfraud, aka mf), Danet Tiberiu (aka Amightysa, aka amy), and Radu Miclaus (aka Minolta, aka min) had been engaged in fraud since 2007, and that their "business" later evolved into a large botnet, which was also used for cryptocurrency mining.

According to authorities, the group stole more than $4 million from its victims over its years of activity, but analysts at Symantec, who helped law enforcement shut the group down, reported that the damage from Bayrob's actions could amount to more than $35,000,000.

Let me remind you that in 2007 the cybercriminals were mainly engaged in fraud through eBay and advertising scams. They put non-existent goods (as a rule, expensive cars) up for sale and waited for a potential buyer to become interested in the listing. As soon as a victim showed interest in the non-existent product, the scammers contacted them to discuss the details of the transaction. The potential buyer was sent a file that allegedly contained a gallery of photographs of the car, but alongside the photographs it also carried the Bayrob Trojan, created by the group itself.
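The "photo gallery" lure described above is a classic case of an executable hidden among image files. The following is an added example, not code from the original post or from any Bayrob analysis: it assumes the lure arrives as a ZIP archive (the post does not say what format the file had) and flags members whose name or content does not match an image. The archive contents, file names and the extension lists are constructed for this example. It catches two common tricks: a double extension such as `car.jpg.exe` (Windows hides the final `.exe` by default) and an executable renamed to `.jpg` (detected by the `MZ` header that every Windows PE file starts with).

```python
import io
import zipfile

# Extensions Windows will execute when double-clicked (constructed list for this example).
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".js", ".vbs", ".jar"}
IMAGE_EXTS = {".jpg", ".jpeg", ".png", ".gif", ".bmp"}

# Leading bytes of common image formats; a file claiming one of the extensions above
# should start with one of these.
IMAGE_MAGIC = (b"\xff\xd8\xff", b"\x89PNG\r\n\x1a\n", b"GIF87a", b"GIF89a", b"BM")
PE_MAGIC = b"MZ"  # DOS/PE header of a Windows executable


def _suffixes(name):
    """Return all extensions of a path's basename, e.g. 'a/b.jpg.exe' -> ['.jpg', '.exe']."""
    base = name.rsplit("/", 1)[-1].lower()
    parts = base.split(".")
    return ["." + p for p in parts[1:]] if len(parts) > 1 else []


def inspect_gallery_archive(zip_bytes):
    """Return a list of findings for members that look like hidden executables."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            sfx = _suffixes(info.filename)
            last = sfx[-1] if sfx else ""

            # Case 1: the real extension is executable, possibly behind an image extension.
            if last in EXECUTABLE_EXTS:
                kind = "double-extension executable" if any(s in IMAGE_EXTS for s in sfx[:-1]) else "executable"
                findings.append(f"{info.filename}: {kind} ({last})")
                continue

            # Case 2: the name says image, but the content says otherwise.
            if last in IMAGE_EXTS:
                head = zf.open(info).read(8)
                if head.startswith(PE_MAGIC):
                    findings.append(f"{info.filename}: image extension but PE header")
                elif not any(head.startswith(m) for m in IMAGE_MAGIC):
                    findings.append(f"{info.filename}: image extension but unrecognized content")
    return findings


def build_sample_archive():
    """Constructed sample: two genuine images, a text note, and two disguised executables."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("gallery/car_front.jpg", b"\xff\xd8\xff\xe0" + b"\x00" * 32)   # real JPEG header
        zf.writestr("gallery/car_side.png", b"\x89PNG\r\n\x1a\n" + b"\x00" * 32)  # real PNG header
        zf.writestr("gallery/notes.txt", b"photos taken last week\n")
        zf.writestr("gallery/car_interior.jpg.exe", b"MZ" + b"\x00" * 62)        # double extension
        zf.writestr("gallery/car_rear.jpg", b"MZ" + b"\x00" * 62)                # PE renamed to .jpg
    return buf.getvalue()


if __name__ == "__main__":
    for line in inspect_gallery_archive(build_sample_archive()):
        print(line)
```

In a mail gateway or sandbox this check would run before the user ever sees the attachment; the magic-byte comparison is what matters, because a renamed file defeats any rule that looks at extensions alone.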

At first, Bayrob acted as a simplified banking Trojan, except that instead of a fake bank portal page it led users to a fake eBay page, which displayed a listing for the non-existent car. The fake pages and letters were created with great care, and the group's English was excellent and practically error-free. The fraudsters came up with fake customer reviews for the fake eBay pages, forged information about previous car owners, road accidents and liens, and even created fake websites for the transport companies that were supposedly going to deliver the car to the buyer.

In fact, all of this served to lull the victim into a false sense of security and to delay the moment when the buyer realized they had been deceived and notified the bank and law enforcement. During that window, the hackers used so-called "money mules" who moved the money from the United States to Romania (and the group did not hesitate to mislead or rob its own couriers, often leaving them without the "commission" they were owed).

In 2014, Bayrob evolved into a full-fledged backdoor Trojan that "learned" to steal bank card data and other confidential information from infected machines. It began to spread as attachments to spam emails purportedly sent on behalf of organizations such as Western Union, Norton AntiVirus and the IRS. The hackers are also known to have registered over 100,000 mailboxes and used them to send millions of malicious emails to previously harvested addresses. In addition, they intercepted requests to Facebook, PayPal, eBay and other sites and redirected their victims to look-alike domains, where their credentials were stolen.
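Redirecting victims to "similar domains" is the part of the story a defender can check for in proxy or DNS logs. Below is an added example, not code from the original post or from any Bayrob analysis, that classifies hostnames against a short list of protected brands. The brand list, the sample hostnames and the two-label approximation of a registrable domain (a real deployment would use the Public Suffix List) are assumptions made for this example. It flags two patterns: a brand name embedded as a label in an unrelated domain (`paypal.com.secure-login.example`) and a near-miss spelling within edit distance 2 (`paypa1.com`).

```python
import re

# Brands whose credentials the post says were targeted; treated here as the protected set.
PROTECTED = {"facebook.com", "paypal.com", "ebay.com"}


def levenshtein(a, b):
    """Edit distance between two strings (insert, delete, substitute each cost 1)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def registrable(host):
    """Approximate the registrable domain as the last two labels (assumption: no PSL lookup)."""
    return ".".join(host.split(".")[-2:])


def classify_host(host):
    """Return 'legitimate', 'lookalike: brand embedded', 'lookalike: near-miss' or 'unrelated'."""
    host = host.lower().rstrip(".")
    reg = registrable(host)
    if reg in PROTECTED:
        return "legitimate"
    tokens = re.split(r"[.-]", host)  # split on dots and hyphens so 'facebook-login' exposes 'facebook'
    for brand in PROTECTED:
        name = brand.split(".")[0]
        if name in tokens:
            return "lookalike: brand embedded"
    for brand in PROTECTED:
        if levenshtein(reg, brand) <= 2:
            return "lookalike: near-miss"
    return "unrelated"


def scan_hosts(hosts):
    """Classify every hostname and return only the suspicious ones with their verdicts."""
    return {h: classify_host(h) for h in hosts if classify_host(h).startswith("lookalike")}


# Constructed sample of hostnames as they might appear in a proxy log.
SAMPLE_HOSTS = [
    "www.paypal.com",
    "paypa1.com",
    "paypal.com.secure-login.example",
    "faceb00k.com",
    "facebook-login.net",
    "example.com",
    "signin.ebay.com",
]

if __name__ == "__main__":
    for host, verdict in scan_hosts(SAMPLE_HOSTS).items():
        print(f"{host}: {verdict}")
```

A simple threshold like this produces false positives on short brand names, so in practice the verdicts feed a review queue rather than an automatic block; the value is in surfacing the candidates at all, since a well-made fake page (as the post notes Bayrob's were) gives the user no visual cue.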

So, while in 2007 Bayrob had infected about 1,000 machines, by 2014 that number had grown to 50,000, and by 2016 it had exceeded 300,000. A botnet of this size made a variety of operations possible; among other things, the group started mining cryptocurrency.

All three suspects were charged back in 2016, but the case came to trial much later. It only became known in April 2019 that Bogdan Nicolescu and Danet Tiberiu had pleaded guilty, and sentencing on 21 counts was scheduled for this fall.

At the end of last week, the website of the US Department of Justice reported that Nicolescu and Tiberiu had been sentenced to 20 and 18 years in prison, respectively.

Law enforcement officers now report that the attackers not only stole other people's money and mined cryptocurrency on infected machines, but also stole various information from the victims (credentials, financial information, and so on) and resold that data on the darknet.
 