Creator of notorious SpyEye malware pleads guilty

ID-10050034 (1)Glad to know the developer of a nasty piece of malware is facing justice. Not so happy to find the malware is still out there, posing a threat to consumers’ finances.

The U.S. Department of Justice recently announced that Russian national Aleksandr Andreevich Panin (also known as “Gribodemon” and “Harderman”) has pleaded guilty to conspiracy to commit wire and bank fraud. Panin was the primary developer of a malicious software program called SpyEye.

SpyEye is a virus specifically designed to help criminals steal your banking information. After SpyEye virus  infects a victim’s computer, cyber criminals can remotely control it and steal personal and financial information through techniques such as “web injects,” “keystroke loggers” and “credit card grabbers.”  The stolen information is then transmitted to the criminals’ servers, where it is used to steal money from their bank accounts.

According to the report from the U.S. Department of Justice, Panin was the primary developer and distributor of SpyEye, operating from Russia from 2009 to 2011. He allegedly conspired with others, including co-defendant Hamza Bendelladj, aka “Bx1,” to develop, market and sell different versions of SpyEye on the Internet. Panin allegedly advertised the virus in online, invitation-only criminal forums and sold it for prices ranging from $1,000 to $8,500.   He is believed to have sold virus to at least 150 “clients.” One client, “Soldier,” is reported to have made more than $3.2 million in six months using the SpyEye virus.

In February 2011, the FBI searched and seized a SpyEye server allegedly operated by Bendelladj in the Northern District of Georgia.  In June and July 2011, FBI covert sources communicated with Panin and purchased a version of SpyEye that contained features designed to steal confidential financial information, initiate fraudulent online banking transactions, install keystroke loggers, and initiate distributed denial of service (DDoS) attacks from infected computers.

A Northern District of Georgia grand jury returned a 23-count indictment on Dec. 20, 2011 against Panin, who had yet to be fully identified, and Bendelladj.   

Bendelladj was arrested at Suvarnabhumi Airport in Bangkok, Thailand, on Jan. 5, 2013 and was extradited to the United States on May 2, 2013. His charges are pending. Panin was arrested by U.S. authorities on July 1, 2013, when he flew through Hartsfield-Jackson Atlanta International Airport in Georgia.

The investigation also led to the arrest of four SpyEye clients and associates in the United Kingdom and Bulgaria.

On Jan. 28, 2014, Panin pleaded guilty to conspiring to commit wire and bank fraud.

BBB has the following advice for protecting your information online and on your smartphone:


  • Update your software. Your computer should have the latest anti-virus software installed, along with a secure firewall.
  • Shop on trustworthy websites. Check a seller’s reputation and record of customer satisfaction at Look for the “s” in https:// in the address box to ensure you’re shopping on a secure website.
  • Beware of phishing. Avoid clicking on links from emails sent from anyone you do not know, or if they appear suspicious.
  • Set strict privacy settings. Consider restricting access on social network profiles to only friends or family, or people you know. Avoid connecting with anyone on social networking sites who you are unfamiliar with.
  • Set strong passwords. Make sure all passwords, most importantly your passwords for online banking, social media accounts and emails are difficult to guess.


  • Lock your phone. Add a unique security code to your phone to prevent thieves from accessing your data. Then, set your device to lock automatically when not in use for a specified time.
  • Update your operating system.  Regularly updating your phone closes security loopholes and other backdoors hackers can use to access your phone without your knowledge.
  • Beware of unknown apps and links. Do not download any apps or click on links in your email or social media pages without first researching the source. They may contain viruses, malware or spyware that can compromise your personal data.
  • Avoid unsecured Wi-Fi. If you choose to connect to an unsecured or public Wi-Fi network, do not enter passwords or access any personal data.
  • Turn Bluetooth off when you’re not using it. Scammers could use specialized software to intercept your Bluetooth signal and hack into your device. Make sure to turn Bluetooth off in your settings when you’re not using it.
  • Check your permissions. Check all of your apps to see what data they are accessing and revoke permissions for information those apps don’t need to properly operate.
  • Don’t respond to “smishing” texts. Like “phishing,” “smishing” schemers often pose as banks or lottery sweepstakes asking customers to contact them immediately about a pressing issue that needs to be discussed. Do not reply to unusual texts, or from numbers you don’t recognize. Erase the message immediately.
  • Erase old phones completely. If you’re selling, donating or recycling your old phone, ensure all your data is completely erased and the phone is returned to factory settings before letting it out of your possession.