The US Department of Justice said that Russian national Stanislav Lisov, also known as Black and Blackf, was sentenced to four years in prison. From 2012 to 2015, Lisov was actively involved in the development and administration of the famous NeverQuest banking Trojan (aka Vawtrak or Snifula). In 2017, the hacker was arrested in Barcelona, after which the Spanish authorities decided to extradite him to the United States. Finally, he appeared in court in New York in January 2018.
Initially, Lisov denied his guilt, and his wife, who was present during the detention, claimed that a mistake had been made and that her husband was an ordinary system administrator from Taganrog. Nevertheless, at the beginning of this year, Lisov confessed and admitted his guilt.
“Stanislav Vitaliyevich Lisov, a Russian hacker, used malware to infect victims’ computers, obtain their login credentials for online banking accounts, and steal money from their accounts. This type of cybercrime threatens personal privacy and harms financial institutions,” U.S. Attorney Geoffrey S. Berman said.
At the time of Lisov’s arrest, NeverQuest was one of the most active and dangerous pieces of banking malware in the world, but shortly after the arrest, NeverQuest’s activity almost disappeared. According to the investigation, over the years of NeverQuest’s activity, the attacker and his accomplices managed to steal more than $4.4 million with the help of the banking Trojan, and another $855,000 “leaked” from the accounts of the victims in other ways.
NeverQuest is a type of malicious software, or malware, known as a banking Trojan. It can be introduced to victims’ computers through social media websites, phishing emails, or file transfers. Once surreptitiously installed on a victim’s computer, NeverQuest is able to identify when a victim attempts to log onto an online banking website and transfer the victim’s login credentials – including his or her username and password.
Once surreptitiously installed, NeverQuest enables its administrators to remotely control a victim’s computer and log into the victim’s online banking or other financial accounts, transfer money to other accounts, change login credentials, write online checks, and purchase goods from online vendors.
On the servers that belonged to Lisov and were used to control the NeverQuest botnet, investigators found about 1.7 million stolen credentials, including usernames, passwords, and secret questions and their answers, related to bank and other financial accounts.