Financial

Russian hacker accused of creating NeverQuest malware pleads guilty

Stanislov Lisov created the NeverQuest banking malware that was used against hundreds of financial institutions

February 22, 2019

The façade of Thurgood Marshall United States Courthouse in New York City. (Getty)

Stanislav Lisov, a Russian hacker accused of creating banking malware used to steal $885,000, pleaded guilty to one count of conspiracy to commit computer hacking in the U.S. Southern District Court of New York Friday.

Lisov created the NeverQuest banking malware that was used against hundreds of financial institutions.

Lisov was facing 35 years in prison when he was extradited to the U.S. from Spain after being apprehended in Barcelona in 2017. Lisov faces a maximum of five years in prison under the terms of his plea deal, according to his lawyer.

“My client spent over a year in jail in Barcelona, Spain while in extradition,” lawyer Arkady Bukh said in a statement. “[It] then took over a year here in the United States to negotiate this plea.”

Lisov was one of a number of alleged Russian hackers apprehended by international authorities while outside Russia at the behest of the U.S. law enforcement. He was taken into custody in the Barcelona airport in 2017 during his honeymoon.

NeverQuest first was discovered in 2014 and quickly picked up by organized cybercriminal groups. The malware would infect specific banking and investment banking customers then alert its operator to where it arrived. Attackers then would funnel cash from one hacked account into others, laundering the funds through a number of accounts under their control to disguise their location, according to Kaspersky.

“Neverquest is believed to be a cybercrime-as-a-service platform that supported a number of geo-specific operators who used the malware and botnet to rob bank accounts and share the loot with operators,” IBM researcher Limor Kessem wrote in a 2017 analysis of NeverQuest operations. “Similar to the way the Dridex botnet is divided into numbered campaigns and sub-botnets, Neverquest is also programmed to create this distinction: As soon as it lands on a newly infected endpoint, it calls home with a numeric ID that identifies its campaign.

The full indictment against Lisov is available below.

[documentcloud url=”http://www.documentcloud.org/documents/5747056-Lisov.html” responsive=true]

Russian hacker accused of creating NeverQuest malware pleads guilty

More Like This

Treasury official: Small financial institutions have ‘growth to do’ in using AI against threats

SEC’s breach disclosure rule raises concerns about tipping off hackers to flawed systems

LinkedIn hacker Nikulin sentenced to 7 years in prison after years of legal battles

Top Stories

‘Large volume’ of data stolen from UN agency after ransomware attack

FBI director warns of China’s preparations for disruptive infrastructure attacks

More Scoops

How Arkady Bukh, a New York-based immigrant from the former Soviet bloc, emerged as the go-to defense lawyer for the cybercrime underworld.

NeverQuest banking malware administrator sentenced to 4 years

Russian hacker pleads guilty for role in massive botnet schemes

Russian spammer and hacker Peter Levashov extradited to United States

Spanish court will extradite Russian cybercriminal suspect to U.S.

U.S., Russia fighting to extradite suspected Russian cybercriminal who ran $4 billion bitcoin exchange

Latest Podcasts

How Troy Hunt knows if you’ve been hacked and Washington tries to understand AI

Why pig butchering is the worst kind of online scam

How the FBI fights ransomware

Rumman Chowdhury on AI red-teaming; a Sisense supply chain attack

Government

Technology

Threats

Geopolitics