Malware Developer Pleads Guilty in Cybercrime Spree
The author of the FastPOS malware has pleaded guilty to charges in his role in one of the largest cybercrime rings ever to be prosecuted by a US court. Valerian Chiochiu, a thirty-year-old also known as ‘Onassis,’, pleaded guilty to RICO conspiracy on July 31 before the US District Court in Nevada. He was one of 36 people named in a 2017 indictment as being involved in the Infraud Organization, which referred prospective purchasers of malware, payment card details, and other stolen data to members' cybercrime e-commerce sites. A member of the Infraud Organization since 2012, Chiochiu has advised other members on how to develop and deploy point-of-sale malware in order to steal data.
In 2013 and 2014, Valerian posted a Craigslist email-scraping PHP script, a link to a download of a RAM credit card skimmer, and information about how to make a RAM skimmer. As part of his plea deal, Chiochiu admitted to creating the FastPOS malware.
The malware was discovered by Trend Micro researchers in 2016. FastPOS attacked point-of-sale systems using a variety of methods, and dubbed it because it immediately sent stolen data to hackers instead of storing it locally first. Between 2010 and 2017, the group was responsible for losses totaling $568 million according to the DOJ. When it was broken up following an undercover sting by the Department of Homeland Security in 2017, it had over 10,000 people.
One of the organization's co-founders, Russian citizen Sergey Medvedev, pleaded guilty in June for his role in the gang. Another co-founder, Svyatoslav Bondarenko, hasn't been caught. Over the course of seven years, the group created a sophisticated hacking scheme that stole more than half a billion dollars from individuals, merchants, and financial institutions. Valerian Chiochiu is scheduled to be arraigned in December.