FastPOS malware resulted in losses of $568 million

Malware developer pleads guilty for role in point-of-sale credit card cybercrime spree

The author of the FastPOS malware has pleaded guilty to charges related to his role in one of the most prolific cybercrime rings ever to be prosecuted by a US court.

Thirty-year-old Moldovan citizen Valerian Chiochiu – also known in criminal circles as ‘Onassis’, ‘Flagler’, ‘Socrate’, and ‘Eclessiastes’ – pleaded guilty to RICO conspiracy on Friday (July 31) before the US District Court in Nevada.

He was one of 36 individuals named in a 2017 indictment (PDF) as being involved in the so-called ‘Infraud Organization’, which referred prospective purchasers of malware, payment card details, and other ill-gotten data to members’ cybercrime e-commerce sites.

Malware advice

A member of the Infraud Organization since 2012, Chiochiu is said to have advised other cybercrime gang members on how to develop and deploy point-of-sale (POS) malware in order to exfiltrate stolen data.

The indictment said that in 2013 and 2014, he posted a Craigslist email-scraping PHP script, a link to a download of a RAM credit card skimmer, and information about how to make a RAM skimmer.

As part of his plea agreement Chiochiu admitted to authoring the ‘FastPOS’ malware, according to an accompanying press release published by the US Department of Justice (DOJ).

Discovered by Trend Micro researchers in 2016, FastPOS attacked point-of-sale systems using a variety of methods, and was so named because it immediately sent stolen data to cybercrooks rather than storing it locally first.

Multimillion-dollar losses

Between 2010 and 2017, the Infraud Organization was responsible for losses incurred by individuals, merchants, and financial institutions that totalled $568 million, the DOJ claims.

When it was dismantled following an undercover sting by the Department of Homeland Security in 2017, its membership exceeded 10,000 people.

One of the organization’s co-founders, Russian citizen Sergey Medvedev, pleaded guilty on June 26 for his role in the gang, as previously reported by The Daily Swig.

The other co-founder, Svyatoslav Bondarenko, remains a fugitive.

“Over the course of seven years, Infraud and its alleged conspirators created a sophisticated cybercriminal racketeering scheme that victimized individuals, merchants, and financial institutions to the tune of over half a billion dollars in losses,” said Brian Rabbitt, Acting Assistant Attorney General of the Justice Department’s Criminal Division.

“The Justice Department is committed to unmasking cyber criminals and their criminal organizations that use the internet for fraudulent schemes.”

Francisco Burrola, special agent in charge for the US Immigration and Customs Enforcement’s Homeland Security Investigations’ Las Vegas Office, said: “While criminal operators may continue to grow the reach of their criminal activity, ultimately they do not escape the reach of law enforcement.

“We continue to investigate, disrupt, and dismantle hidden illegal networks that pose a threat in cyberspace.”

Chiochiu, who lived in the US during the period of the conspiracy, is due to be sentenced on December 11.
