A Russian man has pleaded guilty in a US court to conspiring to drain bank accounts across the US and overseas with a computer program he created.
Aleksandr Andreevich Panin - also known as "Gribodemon" and "Harderman" - pleaded guilty in a federal court on Tuesday to a charge of conspiracy to commit bank and wire fraud.
Authorities said malware he created infected more than 1.4 million computers in the United States and abroad and was responsible for untold amounts of financial theft.
He appeared in court wearing an orange jail uniform with his legs chained together as he entered a guilty plea after reaching a plea agreement with prosecutors.
Another man, Hamza Bendelladj, was also indicted in the case and pleaded not guilty in May after being extradited from Thailand, where he was arrested a year ago. The case against him is still pending.
Authorities say 24-year-old Panin was the main author of SpyEye - a type of program known as a banking Trojan, which was implanted onto computers to harvest financial information so its users could drain accounts.
Federal prosecutor John Horn called Panin "one of the pre- eminent cybercriminals that we've been able to apprehend and prosecute so far".
Operating from Russia, Panin "wrote and polished the code for SpyEye until he had a product that experts described as professional grade", Horn said.
Trojans such as SpyEye can be profitable for cybercriminals. A small group of hackers in Eastern Europe arrested in 2010 was able to steal about US$70 million from companies, municipalities and churches in Europe and the US.
SpyEye was designed to automatically steal sensitive information - such as bank account credentials, credit card information, passwords and PIN numbers - after being implanted in victims' computers.
After the program took control of a computer, it allowed hackers to use a number of covert techniques to trick victims into giving up their personal information - including data grabbing and presenting victims with a fake bank account page.
The information was then relayed to a command and control server, which was used to access bank accounts.
Panin conspired with others, including Bendelladj, to advertise the SpyEye virus in online forums focused on cybercrime and other criminal activity and sold versions of the software for prices ranging from US$1,000 to US$8,500, prosecutors said. Cybercriminals were able to customise their purchases to choose specific methods of gathering personal information from victims.
He is believed to have sold it to at least 150 clients. A single client of his, known by his online name "Soldier", reportedly used the program to make more than US$3.2 million in a six-month period, Horn said.
Between 2009 and 2011, SpyEye was the pre-eminent malware toolkit used by cybercriminals, and it is still being used today, Horn said.
Information from the financial services industry indicates that more than 10,000 bank accounts were compromised by the program in 2013 alone.
Agents with the FBI in February 2011 searched and seized a SpyEye server they said was operated by Bendelladj in Georgia.
It controlled more than 200 computers infected with the virus and contained information from many financial institutions, authorities said.
In June and July 2011, covert FBI sources communicated directly with Panin, who was using his online nicknames.
The FBI sources were able to buy a version of SpyEye from Panin that included features designed to steal financial information and initiate fraudulent online banking transactions, among other operations.
Panin, whose real name was not known at the time, and Bendelladj were indicted in December 2011.
Bendelladj was on a trip from Malaysia to Egypt when he was arrested during a stopover at an airport in Bangkok on January 5 last year.
Police seized two laptops, a tablet computer, a satellite phone and external hard drives.
Panin is set to be sentenced on April 29. Federal agents continue to investigate the case.