Russian hacker Pavel Sitnikov arrested for distributing malware via Telegram

The popular Russian hacker Pavel Sitnikov was arrested by Russian authorities on charges of distributing malware via his Telegram channel.

Pavel Sitnikov, a prominent figure of the hacking underground, was arrested earlier this month by Russian authorities on charges of distributing malware via his Freedom F0x Telegram channel.

The Russian hacker is a member of multiple underground hacking communities where he offered for sale the source code of multiple malware strains, including Alina, Carberp, Dexter, Rovnix, and Tinba.

Russian police raided Pavel Sitnikov’s home in the Pskov region on May 20.

The authorities charged him under Article 273, Part 2 of Russian criminal law, he was interdicted from using any electronic devices until his trial and cannot leave the town.

According to Recorded Future, the suspect allegedly posted the source code of the Anubis banking trojan on his Telegram Channel.

“Sources close to Sitnikov have told Recorded Future analysts that the Russian hacker was allegedly charged for posting the source code of the Anubis banking trojan on Freedom F0x, a Telegram channel where Sitnikov often posted data leaks and malware source code under the pretense of helping the security community.” reads the post published by The Record.

According to Sitnikov’s wife, her husband was arrested because on December 9, 2020, he shared a download link to a dump containing the personal data of more than 300,000 COVID-19 patients that registered with the Moscow Department of Health.

“According to Pavel’s wife , the security forces seized all the equipment available in the apartment , leaving only the girl’s phone number , and Pavel was taken away for interrogation. The next day he spent at the interrogations , thus , it is not stated , in what the reason for the charges. However, the investigators were particularly interested in the circumstances of his publication in his channel of information about the leak of personal data on Moscow’s covid patients on the night of December 9, 2020.” reported the Russian news site Readovka.ru. “The next day , May 21 , Sitnikov was charged under Article 273 , Part 2 , and imposed a preventive measure in the form of a restriction on movement at the place of registration ( Velikiye Luki, Pskov Region), and a ban was imposed on the use of communications ( he can only call the investigator and, with his permission, relatives) and put on the bracelet.”

The man faces up to five years in prison for the authorities’ charges.

If you want to know more about Sitnikov, let me suggest reading this interview published by The Record in December.

The man claimed he was member of a group that is directed linked to the notorious nation-state actor APT28.

“As one reputable hacker “090” said: “In Russia, we are all bears, but not everyone is fancy.” APT228 is the way a certain part of the original structure of APT28 was renamed in light of the way some members of the group abused prohibited substances.” Sitnikov told to The Record.

Follow me on Twitter: @securityaffairs and Facebook

[adrotate banner=”9″]

[adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – hacking, Pavel Sitnikov)

[adrotate banner=”5″]

[adrotate banner=”13″]