The US has charged 16 alleged creators of a malware-as-a-service bot that is capable of stealing crypto wallet credentials and has been used by Russian cybercriminals to cause $50 million worth of damage.
A 2022 Grand Jury indictment, unsealed yesterday, details how DanaBot admins allegedly leased the bot to criminals for thousands of dollars. If a computer became infected with its malware, it could be used to track keystrokes, siphon crypto wallet data, and record computer sessions.
DanaBot reportedly infected over 300,000 computers across the globe. However, the DanaBot defendants also infected their own PCs with their malware both deliberately and accidentally.
“The inadvertent infections often resulted in sensitive and compromising data being stolen from the actor’s computer by the malware and stored on the DanaBot servers, including data that helped identify members of the DanaBot organization,” the complaint reads.
DanaBot admins also allegedly had another version of the botnet that targeted computers used by the US military, government, and police department.
One suspect, 34-year-old Artem Aleksandrovich Kalinkin, is still in Russia and has yet to be arrested. He faces a maximum statutory sentence of 72 years.
Europol, under “Operation Endgame,” also claims to have disrupted the DanaBot service, seized €3.5 million ($4 million) in crypto, and shut down 650 ransomware domains.
Crypto still plays a pivotal role for criminals looking to launder their illicit gains from ransomware attacks. However, crypto analysts Chainalysis claim that the volume of ransomware payments being made has dropped by 35% year-over-year.
The post Russian crypto malware caused $50 million in damages appeared first on Protos.