Law enforcement authorities in Colombia arrested a Romanian hacker who is wanted in the US for distributing Gozi malware that infected more that 1 million computers from 2007 to 2012.
Mihai Ionut Paunescu was arrested at Bogota’s international airport, according to Colombia’s Attorney General’s office. Paunescu was first arrested in Romania in 2012, but was able to avoid extradition. In 2013 he was officially charged in the US for his part in creating and distributing the Gozi malware that infected computers in the US, including those belonging to the National Aeronautics and Space Administration (“NASA”), as well as computers in Germany, the United Kingdom, Poland, France, Finland, Italy, and Turkey.
According to the US State Department, Paunescu who was known online under the moniker of “Virus,” run PowerHost[.]ro, a “bulletproof hosting” service that allowed cyber criminals to distribute malware, including Gozi and the Zeus Trojan, and conduct other sophisticated cyber crimes.
The Gozi malware was distributed via seemingly benign .pdf documents. Once installed, the malware collected data, such as personal bank account information including usernames and passwords from the infected system and sent it to servers under Gozi operators’ control. The cybercrooks then used the stolen information to transfer funds out of the victims’ bank accounts to their own accounts.
Mihai Ionut Paunescu was placed at the disposal of Colombia’s Attorney General’s Office after his arrest by the DIJIN investigative unit of the National Police. The United States Embassy was immediately contacted so that it could initiate extradition proceedings.
In 2016, the Gozi’s creator, a Russian national Nikita Kuzmin, was sentenced to 37 months in prison and fined $7 million following a plea bargain. Deniss Calovskis (aka “Miami”), a Latvian programmer who helped create the malware also received a 21-month prison sentence after being extradited to the U.S.