Belarusian investigators, FBI apprehend member of international cybercrime group

The Investigative Committee of Belarus in association with the FBI has apprehended a member of the international cybercrime group Andromeda.

The Investigative Committee of Belarus, the K Department of the Belarusian Interior Ministry, and the FBI have shut down an international cybercrime group, which specialized in coding and disseminating malicious software. A Belarusian citizen was part of the group.

A global operation was staged in late November 2017. As a result of investigative actions, malware sellers, server owners, and malware users were detected. A Belarusian citizen was apprehended in Gomel Oblast. After searching the suspect's computer equipment, the investigators and officers of the K Department of the Belarusian Interior Ministry found direct evidence confirming that the suspect had committed crimes and had been part of the international cybercrime group.

The man has been detained. He is giving testimony freely and cooperating with the investigators. His hard drives, other data media, and data from digital wallets are being examined by the investigators.

The Investigative Committee of Belarus had previously received a tip saying that a Belarusian citizen was part of an international forum of cyber criminals and was selling malicious software. The citizen was also an administrator at a forum where the organization of high-tech crimes was discussed.

The man's identity was established. Born in 1983, he is a resident of Gomel Oblast, Belarus. After that, officers of the US Federal Bureau of Investigation (FBI) bought malware from him. The malware's source code was examined by information security specialists, who concluded it was harmful. The investigation also revealed that the man had helped his online contacts buy and update malware and had provided technical support services. He received $500 per sale and $10 per malware update. The number of crime episodes and the revenues are being ascertained.

According to representatives of the Investigative Committee of Belarus, the malware is a Trojan virus that downloads other kinds of malware to the infected computer. The downloaded components, in turn, can record the infected computer user's actions, information about the websites the user browses, and saved login names and passwords. The malware allows the infected computer to be used to stage DDoS attacks and other illegal actions.

In October 2016 Microsoft Corporation stated that 3-4 million PCs all over the world get infected with malicious software every month. As of October 2016 over 570,000 PCs had an active infection status.