A Russian cyber-criminal has been sentenced to five years behind bars in the United States for his part in developing the Citadel information-stealing malware.
Mark Vartanyan, also known by his online moniker “Kolypto”, was sentenced by a US District Court in Atlanta.
Vartanyan was extradited from Norway to the United States in December 2016, when he was 28 years old.
While Vartanyan admitted to providing software development expertise to help refine Citadel, it’s not clear if he was a major player in the cybercrime ring behind the malware.
The Citadel malware is a banking Trojan. It’s used by crooks to steal banking credentials and extort money. According to some estimates, the malware was used to steal about half a billion dollars. The malware was distributed in Russian underground forums, in which Kolypto was very active. The original code for Citadel borrowed heavily from the ZeuS banking Trojan.
The Justice Department has tied Citadel botnets to infections of 11 million PCs worldwide that caused more than $500 million in fraud.