
Alleged creator of Gozi banking Trojan arrested in Colombia

Romanian Mihai Ionut Paunescu, known as 'Virus,' was charged with two other supposed creators of the Gozi malware back in 2012, but Paunescu is the only one not to be extradited.

Colombian police have arrested a hacker wanted in the U.S. for his alleged role in the distribution of the infamous Gozi banking Trojan, which resulted in the theft of more than $50 million between the mid-2000s and early 2010s.

Romanian Mihai Ionut Paunescu, also known as "Virus," was arrested at Bogotá's El Dorado International Airport, according to an article published by the Colombian Attorney General's office Tuesday. He was indicted by the U.S. in late 2012 for conspiracy to commit wire fraud, conspiracy to commit bank fraud and conspiracy to commit computer intrusion in relation to Gozi.

The Attorney General's article referred to him (translated via Google) as "one of the creators and the main distributor" of Gozi, which infected more than 1 million computers, primarily in Europe and the United States. Gozi originated in Eastern Europe in the mid-2000s and was known for its cybercrime-as-a-service business model, in which unaffiliated criminals could pay to use the Trojan. Gozi still exists in various forms today, including variants of the original virus.

Paunescu operated a "bulletproof hosting service," in which he used computers from around the world to facilitate and provide the online infrastructure for Gozi cybercrime. As his indictment explains, the bulletproof hosting service allowed cybercriminals to distribute malware, execute DDoS attacks and transmit spam.

Paunescu was previously arrested in Romania in December 2012, but he was ultimately not extradited. According to the Attorney General's article, Colombian police informed the local United States Embassy "so that, within the terms of the law, it could present the arrest request for extradition purposes."

Other Gozi operators have been arrested over the years. Nikita Kuzmin, another Gozi creator, was told in a U.S. judicial ruling to pay $6.9 million in financial restitution in 2016, after he had served three years in U.S. custody. Kuzmin was charged alongside Paunescu and Latvian programmer Deniss Calovskis by the U.S. Attorney's Office in the Southern District of New York in 2012. Calovskis received a 21-month prison sentence.

The Colombian Attorney General's office did not respond to SearchSecurity's request for comment.

Alexander Culafi is a writer, journalist and podcaster based in Boston.
