Spanish police nab suspected hacker behind Neverquest banking malware

Neverquest can steal credentials used for banking websites

Spanish police have arrested a Russian programmer suspected of developing the Neverquest banking Trojan, a malware targeting financial institutions across the world.

The 32-year-old Russian citizen known as Lisov SV was arrested at the Barcelona airport, Spain's law enforcement agency Guardia Civil said on Friday.

The FBI had been working with Spanish authorities to track down the suspect through an international arrest warrant, according to a statement from the agency. The FBI, however, declined to comment on the man's arrest.

Neverquest is designed to steal username and password information from banking customers. Once it infects a PC, the malware can do this by injecting fake online forms into legitimate banking websites to log any information typed in. It can also take screenshots and video from the PC's desktop and steal any passwords stored locally.

Once the credentials are stolen, Neverquest can use the infected PC to secretly log back into the customer's online banking account. It can then access the victim's funds and transfer the money out. 

In 2013, antivirus vendor Kaspersky Lab discovered the malware being advertised in black market forums. It's since been found preying on the banking sites of 100 to 200 financial institutions, and it has features built in making it hard for security researchers to track. 

On Friday, Spanish authorities said the malware has resulted in financial losses from victims of about US$5 million. Lisov is suspected of creating NeverQuest and then using servers to administer the malware.

One such server contained files with millions of stolen login credentials from financial website accounts.

The arrested suspect’s full name is Stanislav Lisov, according to Russian news agency TASS, and he was arrested on Jan. 13. Russian diplomats have sent a request to Spanish authorities to learn more about the charges against Lisov.

If Lisov is indeed behind Neverquest, his arrest may stop or slow down the malware's spread. Last August, IBM Security said Neverquest was the most active financial malware in the world.

Join the newsletter!

Error: Please check your email address.
Rocket to Success - Your 10 Tips for Smarter ERP System Selection
Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Michael Kan

IDG News Service
Show Comments

Most Popular Reviews

Latest Articles

Resources

PCW Evaluation Team

Ben Ramsden

Sharp PN-40TC1 Huddle Board

Brainstorming, innovation, problem solving, and negotiation have all become much more productive and valuable if people can easily collaborate in real time with minimal friction.

Sarah Ieroianni

Brother QL-820NWB Professional Label Printer

The print quality also does not disappoint, it’s clear, bold, doesn’t smudge and the text is perfectly sized.

Ratchada Dunn

Sharp PN-40TC1 Huddle Board

The Huddle Board’s built in program; Sharp Touch Viewing software allows us to easily manipulate and edit our documents (jpegs and PDFs) all at the same time on the dashboard.

George Khoury

Sharp PN-40TC1 Huddle Board

The biggest perks for me would be that it comes with easy to use and comprehensive programs that make the collaboration process a whole lot more intuitive and organic

David Coyle

Brother PocketJet PJ-773 A4 Portable Thermal Printer

I rate the printer as a 5 out of 5 stars as it has been able to fit seamlessly into my busy and mobile lifestyle.

Kurt Hegetschweiler

Brother PocketJet PJ-773 A4 Portable Thermal Printer

It’s perfect for mobile workers. Just take it out — it’s small enough to sit anywhere — turn it on, load a sheet of paper, and start printing.

Featured Content

Product Launch Showcase

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?