Neverquest Trojan Operator Pleads Guilty

A Russian national has admitted in court to using the Neverquest Trojan to infect computers and steal their information for financial gain, the United States Department of Justice (DoJ) says. 

The man, Stanislav Vitaliyevich Lisov, 33, also known as “Black” and “Blackf,” was arrested in Spain on January 13, 2017, around the same time when the Trojan’s activity ceased. Lisov was extradited to the United States in January 2018.

On Friday, the DoJ announced that Lisov pleaded guilty to “conspiring to deploy and use a type of malicious software known as Neverquest to infect the computers of unwitting victims, steal their login information for online banking accounts, and use that information to steal money out of the victims’ accounts.”

Several years ago, Neverquest was one of the most active banking Trojans out there, causing significant damages in stolen funds. According to the DoJ, the malware “has been responsible for millions of dollars’ worth of attempts by hackers to steal money out of victims’ bank accounts.”

Neverquest was being spread via social media websites, phishing emails, and file transfers. Once installed, the malware would identify when the victim attempted to log onto an online banking website, intercept their login credentials, including username and password, and send the information to the command and control (C&C) server. 

The threat provided operators with the possibility to remotely control the victim’s computer, log into their online banking or other financial accounts, transfer money, change the login information, write online checks, and buy goods from online vendors.

According to documents presented in court, between June 2012 and January 2015, Lisov was responsible for creating and administrating a botnet of Neverquest-infected machines. 

He also maintained infrastructure for this criminal enterprise (such as renting and paying for servers used for botnet management), personally harvested login information from unwitting victims, and discussed trafficking in stolen login information and personally identifiable information of victims.

Lisov pled guilty to one count of conspiracy to commit computer hacking, which carries a maximum sentence of five years in prison. His sentencing is scheduled for June 27, 2019. 

Related: Malware Creator Admits to Building and Selling LuminosityLink RAT

Related: Neverquest Trojan Ceases Operations

view counter

Ionut Arghire is an international correspondent for SecurityWeek.

Previous Columns by Ionut Arghire:
Don't forget to share

You may also like...

Leave a Reply

Your email address will not be published. Required fields are marked *