A Russian man got four years in prison Thursday for conspiring to deploy and use a type of malicious software known as NeverQuest to infect the computers to steal victims’ login information for online banking accounts, and use that information to steal money out of their accounts.
Stanislav Vitaliyevich Lisov, a/k/a “Black,” a/k/a “Blackf” (“LISOV”), was sentenced to 48 months by U.S. District Judge Valerie E. Caproni, who presided over his guilty plea earlier this year. NeverQuest has been responsible for millions of dollars’ worth of attempts by hackers to steal money out of victims’ bank accounts.
“Stanislav Vitaliyevich Lisov, a Russian hacker, used malware to infect victims’ computers, obtain their login credentials for online banking accounts, and steal money from their accounts,” said U.S. Attorney Geoffrey S. Berman.
NeverQuest is a type of malicious software, or malware, known as a banking Trojan. It can be introduced to victims’ computers through social media websites, phishing emails, or file transfers. Once installed on a victim’s computer, NeverQuest is able to identify when a victim attempted to log onto an online banking website and transfer the victim’s login credentials – including his or her username and password – back to a computer server used to administer the NeverQuest malware.
Once installed, NeverQuest enables its administrators remotely to control a victim’s computer and log into the victim’s online banking or other financial accounts, transfer money to other accounts, change login credentials, write online checks, and purchase goods from online vendors.
Between June 2012 and January 2015, Lisov was responsible for key aspects of the creation and administration of a network of victim computers known as a “botnet” infected with NeverQuest, officials said.
Among other things, Lisov maintained infrastructure for this criminal enterprise, including by renting and paying for computer servers used to manage the botnet that had been compromised by NeverQuest, officials said. Those computer servers contained lists with approximately 1.7 million stolen login credentials – including usernames, passwords, and security questions and answers – for victims’ accounts on banking and other financial websites. Lisov had administrative-level access to those computer servers.
Lisov also personally harvested login information from victims of NeverQuest malware, including usernames, passwords, and security questions and answers. In addition, Lisov discussed trafficking in stolen login information and personally identifying information of victims.
On January 13, 2017, Lisov was arrested in Spain pursuant to a provisional arrest warrant and on January 19, 2018, he was extradited from Spain to the United States.