A US federal jury has convicted two Romania nationals of a widespread malware operation primarily in the US, which caused over 400,000 personal computers to be infected with malware since 2007. By gaining access and controlling these computers, the hackers used them for cryptojacking – mining cryptocurrency using others’ computing power without their knowledge. They also stole personal data, credit card information, user names, and passwords, which they used to make fraudulent transactions amounting to millions of dollars.

In a press release (Apr 11), the Department of Justice (DOJ) said the suspects, Bogdan Nicolescu (36) and Radu Miclaus (37), have been convicted after a 12-day trial of conspiracy to commit wire fraud, conspiracy to traffic in counterfeit service marks, aggravated identity theft, conspiracy to commit money laundering, and 12 counts of wire fraud each. Sentencing has been set for August 14 in Ohio.

The duo ran an elaborate operation from the Romanian capital of Bucharest, where they first created proprietary malware embedded in attached files sent out in emails disguised as being from Western Union, Norton AntiVirus, and the Internal Revenue Service (IRS). Clicking the files caused the malware to install, but also to send itself out to everyone on the contact list in an infected computer, thereby spreading itself automatically.  

Infected computers were also forced to register email accounts with AOL, resulting in the creation of some 100,000 such accounts. The hackers used these to send out even more malicious emails, amounting in the tens of millions.

Not content with just using spiked emails, DOJ also revealed that users of the infected computers would be redirected to phishing sites when they attempted to visit certain websites like Facebook, PayPal or eBay. On eBay, Nicolescu, and Miclaus even placed more than 1,000 fraudulent listings for automobiles, motorcycles, and other expensive goods, with photos of items infected with malware.

By skimming credentials through more than 400,000 malware-controlled computers, Nicolescu and Miclaus stole millions to rent server space, register domain names, and prevent themselves from being tracked. Stolen money was wired to fake companies that in turn forwarded the funds on to Western Union or Money Gram offices in Romania. The pair were eventually caught by the Federal Bureau of Investigation (FBI) together with the Romanina National Police.