Colombian Authorities Arrest Romanian Hacker Wanted in the U.S. For Spreading ‘Gozi’ Virus
Mihai Ionut Paunescu Is Wanted in the U.S. For His Key Role in the Distribution of the Gozi Virus That Infected More Than A Million Computers from 2007 to 2012.
The Office of the Attorney General of Colombia released a statement saying that Mihai Ionut Paunescu (aka “Virus”) was detained at the El Dorado airport in Bogotá. Paunescu was part of the cybercriminal network that designed ‘Gozi’.
Paunescu, along with Nikita Vladimirovich Kuzmin and Deniss Calovskis, was charged with computer intrusion and banking fraud in the Southern District Court of New York. Paunescu was arrested in Romania in December 2012, but he was ultimately not extradited.
In an unsealed indictment, the Department of Justice said at the time:
Through this service, Paunescu, like other bulletproof hosts, knowingly provided critical online infrastructure to cybercriminals that allowed them to commit online criminal activity with little fear of detection by law enforcement.
Colombia’s Attorney General’s office stated that the hacker was detained at Bogotá’s international airport, sporting a thick beard and wearing a red T-shirt.
What is Gozi?
First spotted by security researchers in 2007, this malicious software was sent as an e-mail attachment. Once downloaded, it resided on the computers of large companies and government entities, where it accessed sensitive data such as personal bank account information, numbers, and identification documents, and intercepted and diverted money transfers, among other fraudulent actions.
According to the experts, the Gozi banking malware infected more than 1 million computers worldwide, in countries including the United States, Germany, the United Kingdom, Poland, France, Finland, Italy, and Turkey, causing tens of millions of dollars in losses. Some of the victims are multinationals, banks, and organizations such as NASA.
Paunescu was the one who designed the infrastructure used to spread the Gozi virus. Additionally, the group implemented a malware-as-a-service model to offer the banking malware to cybercriminals for a fee of $500 a week.
The other Gozi operators have been arrested over the years. In 2016, a U.S. court ordered Nikita Kuzmin to pay $6.9 million in restitution after he had served three years in U.S. custody. Kuzmin was charged alongside Paunescu and Latvian programmer Deniss Calovskis, who received a 21-month prison sentence after being extradited to the U.S.