Zeus and SpyEye banking malware gang arrested in Ukraine

Alleged core members behind notorious malware picked up after Europol operation


Europol has triumphantly reported the arrest of five suspects accused of being key members of the gang behind the notorious Zeus/SpyEye malware used to attack countless of online bank accounts in the last five years.

In a statement, the organisation said that the unnamed individuals had been picked up at four cities in Ukraine on 18 and 19 June after an intensive Belgian and Austrian investigation stretching back to 2013.

There have been a number of arrests in the past connected to this malware - Europol puts the arrest figure at 26 people plus 34 low-level money mules - but the latest action could be the most important yet.

Described as being “high level” figures with specialisms involved in the malware’s development, distribution, targeting of ATMs as well as the trading of stolen credentials on underground forums, the implication is that the operation has blown a hole in one of the world's most active cybercrime groups.

"In one of the most significant operations coordinated by the agency in recent years Europol worked with an international team of investigators to bring down a very destructive cybercriminal group,” confirmed Europol director, Rob Wainwright.

“With our international partners, we are committed to fighting the threats brought about by malware and other forms of cybercrime, to realise safer technology infrastructures and online financial transactions for businesses and people the world over," he said.

Europol said it estimated the financial damage done by this family of malware as being “at least” 2 million euros, a huge under-estimate of the likely true scale of the damage done by this group.

Europol has acted as a key bridge to bring together disparate police forces across a number of countries including the UK. The arrests appear to be a sign that the organisation is now succeeding in that aim.

The original creator of SpyEye, Aleksandr Andreevich Panin, was arrested 18 months ago by the FBI after unwisely taking a holiday in The Dominican Republic. It was always clear that his apprehension was mainly symbolic - the programmers who create malware are not necessarily the ones who wield it, hence the continued operation to find the core gang members using it to attack banks.

The arrests suggest that after a decade as a major cybercrime hang-out, Ukraine might no longer be a safe base for such people. With a change of government in the country, the authorities there have been keener to be seen to be cleaning up the country’s image as a crime hub.

“The enormous amount of data that was collected and processed during the investigation will now be used to trace the cybercriminals still at large,” said Europol’s press release. It is likely that the police are not finished with Zeus and SpyEye perpetrators yet.

"Recommended For You"

This suspected cybercriminal may be buying coke with your online bank funds BlackShades cybercops demonstrate improving global cooperation