Pierluigi Paganini February 26, 2019

The Russian hacker Stanislav Vitaliyevich Lisov pleads guilty to bank fraud after running a botnet that spread ‘NeverQuest’ malware for three years.

The Russian hacker Stanislav Vitaliyevich Lisov, aka “Black,” “Blackf,” is accused of using the NeverQuest banking Trojan to steal login information from victims. The man has pled guilty to one count of conspiracy to commit computer hacking in Manhattan Federal Court, he faces a sentence of up to five years in prison.

“Geoffrey S. Berman, the United States Attorney for the Southern District of New York, and William F. Sweeney Jr., Assistant Director-in-Charge of the New York Office of the Federal Bureau of Investigation (“FBI”), announced that STANISLAV VITALIYEVICH LISOV, a/k/a “Black,” a/k/a “Blackf” (“LISOV”), pled guilty today to conspiring to deploy and use a type of malicious software known as NeverQuest to infect the computers of unwitting victims, steal their login information for online banking accounts, and use that information to steal money out of the victims’ accounts.” reads the press release published by the DoJ.

“NeverQuest has been responsible for millions of dollars’ worth of attempts by hackers to steal money out of victims’ bank accounts.  LISOV pled guilty before United States District Judge Valerie E. Caproni. “

Lisov was arrested in January 2017 by the Spanish police, he was arrested at the Barcelona airport by the Guardia Civil. The Russian hacker was suspected of being the author of the Neverquest malware, aka
 Vawtrak malware, and the person who administrated the control infrastructure.

The Neverquest was used by cyber criminals to steal login credentials from banking customers, it leverages on injection mechanisms to provide users fake forms into legitimate banking websites. The banking trojan is able to record keystrokes, to steal passwords stored on the PC,  and take screenshots and video from the victims’ machine.

The Neverquest malware is able to log in to the victim’s online banking account and perform fraudulent transactions.

The arrest is the result of the collaboration between the Spanish law enforcement and the FBI.

Lisov operated the infrastructure behind the NeverQuest malware between June 2012 and January 2015, the managed a network of servers containing lists of millions of stolen login credentials.

“LISOV also personally harvested login information from unwitting victims of the NeverQuest malware, including usernames, passwords, and security questions and answers.  In addition, LISOV discussed trafficking in stolen login information and personally identifiable information of victims.” added the DoJ.

“LISOV, 33, a citizen of Russia, pled guilty to one count of conspiracy to commit computer hacking, which carries a maximum sentence of five years in prison.  The statutory maximum sentence is prescribed by Congress and is provided here for informational purposes only, as any sentencing of the defendant will be determined by the judge.  LISOV’s sentencing is scheduled for June 27, 2019 at 11:00 a.m. before Judge Caproni. “

Pierluigi Paganini

(SecurityAffairs – NeverQuest malware , Lisov)

[adrotate banner=”5″]

[adrotate banner=”13″]

For more, read here.