{
	"id": "50831763-f0aa-43c0-bcdc-182c5068f01b",
	"created_at": "2026-04-06T00:08:44.356613Z",
	"updated_at": "2026-04-10T03:21:42.21809Z",
	"deleted_at": null,
	"sha1_hash": "2ea93d5e6c48974e24fe30ddbf540dbbc23b86c0",
	"title": "Nuclear Bot Author Arrested in Sextortion Case",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 524314,
	"plain_text": "Nuclear Bot Author Arrested in Sextortion Case\r\nPublished: 2019-12-17 · Archived: 2026-04-05 22:31:20 UTC\r\nLast summer, a wave of sextortion emails began flooding inboxes around the world. The spammers behind this\r\nscheme claimed they’d hacked your computer and recorded videos of you watching porn, and promised to release\r\nthe embarrassing footage to all your contacts unless a bitcoin demand was paid. Now, French authorities say\r\nthey’ve charged two men they believe are responsible for masterminding this scam. One of them is a 21-year-old\r\nhacker interviewed by KrebsOnSecurity in 2017 who openly admitted to authoring a banking trojan called\r\n“Nuclear Bot.”\r\nOn Dec. 15, the French news daily Le Parisien published a report stating that French authorities had arrested and\r\ncharged two men in the sextortion scheme. The story doesn’t name either individual, but rather refers to one of the\r\naccused only by the pseudonym “Antoine I.,” noting that his first had been changed (presumably to protect his\r\nidentity because he hasn’t yet been convicted of a crime).\r\n“According to sources close to the investigation, Antoine I. surrendered to the French authorities at the beginning\r\nof the month, after being hunted down all over Europe,” the story notes. “The young Frenchman, who lived\r\nbetween Ukraine, Poland and the Baltic countries, was indicted on 6 December for ‘extortion by organized gang,\r\nfraudulent access to a data processing system and money laundering.’ He was placed in pre-trial detention.”\r\nAccording to Le Parisien, Antoine I. admitted to being the inventor of the initial 2018 sextortion scam, which was\r\nsubsequently imitated by countless other ne’er-do-wells. The story says the two men deployed malware to\r\ncompromise at least 2,000 computers that were used to blast out the sextortion emails.\r\nWhile that story is light on details about the identities of the accused, an earlier version of it published Dec. 14\r\nincludes more helpful clues. The Dec. 14 piece said Antoine I. had been interviewed by KrebsOnSecurity in April\r\n2017, where he boasted about having created Nuclear Bot, a malware strain designed to steal banking credentials\r\nfrom victims.\r\nMy April 2017 exposé featured an interview with Augustin Inzirillo, a young man who came across as deeply\r\nconflicted about his chosen career path. That path became traceable after he released the computer code for\r\nNuclear Bot on GitHub. Inzirillo outed himself by defending the sophistication of his malware after it was\r\nridiculed by both security researchers and denizens of the cybercrime underground, where copies of the code\r\nwound up for sale. From that story:\r\n“It was a big mistake, because now I know people will reuse my code to steal money from other\r\npeople,” Inzirillo told KrebsOnSecurity in an online chat.\r\nhttps://krebsonsecurity.com/2019/12/nuclear-bot-author-arrested-in-sextortion-case/\r\nPage 1 of 4\n\nInzirillo released the code on GitHub with a short note explaining his motivations, and included a\r\ncontact email address at a domain (inzirillo.com) set up long ago by his father, Daniel Inzirillo.\r\nKrebsOnSecurity also reached out to Daniel, and heard back from him roughly an hour before Augustin\r\nreplied to requests for an interview. Inzirillo the elder said his son used the family domain name in his\r\nsource code release as part of a misguided attempt to impress him.\r\n“He didn’t do it for money,” said Daniel Inzirillo, whose CV shows he has built an impressive career in\r\ncomputer programming and working for various financial institutions. “He did it to spite all the cyber\r\nshitheads. The idea was that they wouldn’t be able to sell his software anymore because it was now free\r\nfor grabs.”\r\nIf Augustin Inzirillo ever did truly desire to change his ways, it wasn’t clear from his apparent actions last\r\nsummer: The Le Parisien story says the sextortion scams netted the Frenchman and his co-conspirator at least a\r\nmillion Euros.\r\nIn August 2018, KrebsOnSecurity was contacted by a researcher working with French authorities on the\r\ninvestigation who said he suspected the young man was bragging on Twitter that he used a custom version of\r\nNuclear Bot dubbed “TinyNuke” to steal funds from customers of French and Polish banks.\r\nhttps://krebsonsecurity.com/2019/12/nuclear-bot-author-arrested-in-sextortion-case/\r\nPage 2 of 4\n\nThe source said this individual used the now-defunct Twitter account @tiny_gang1 to taunt French authorities,\r\nwhile showing off a fan of 100-Euro notes allegedly gained from his illicit activities (see image above). It seemed\r\nto the source that Inzirillo wanted to get caught, because at one point @tiny_gang1 even privately shared a copy\r\nof Inzirillo’s French passport to prove his identity and accomplishments to the researcher.\r\n“He modified the Tinynuke’s config several times, and we saw numerous modifications in the malware code too,”\r\nthe source said. “We tried to compare his samples with the leaked code available on GitHub and we noticed that\r\nthe guy actually was using a more advanced version with features that don’t exist in the publicly available\r\nrepositories. As an example, custom samples have video recording functionality, socks proxy and other features.\r\nSo the guy clearly improved the source code and recompiled a new version for every new campaign.”\r\nThe source said the person behind the @tiny_gang Twitter account attacked French targets with custom versions\r\nof TinyNuke in one to three campaigns per week earlier this year, harvesting French bank accounts and laundering\r\nthe stolen funds via a money mule network based mostly in the United Kingdom.\r\nhttps://krebsonsecurity.com/2019/12/nuclear-bot-author-arrested-in-sextortion-case/\r\nPage 3 of 4\n\n“If the guy behind this campaign is the malware author, it could easily explain the modifications happening with\r\nthe malware, and his French is pretty good,” the researcher told KrebsOnSecurity. “He’s really provocative and I\r\nthink he wants to be arrested in France because it could be a good way to become famous and maybe prove that\r\nhis malware works (to resell it after?).”\r\nThe source said the TinyNuke author threatened him with physical harm after the researcher insulted his\r\nintelligence while trying to goad him into disclosing more details about his cybercrime activities.\r\n“The guy has a serious ego problem,” the researcher said. “He likes when we talk about him and he hates when we\r\nmock him. He got really angry as time went by and started personally threatening me. In the last [TinyNuke\r\nmalware configuration file] targeting Poland we found a long message dedicated to me with clear physical\r\nthreats.”\r\nAll of the above is consistent with the findings detailed in the Le Parisien report, which quoted French\r\ninvestigators saying Antoine I. in October 2019 used a now-deleted Twitter account to taunt the authorities into\r\nlooking for him. In one such post, he included a picture of himself holding a beer, saying: “On the train to Naples.\r\nYou should send me a registered letter instead of threatening guys informally.”\r\nThe Le Parisien story also said Antoine I. threatened a researcher working with French authorities on the\r\ninvestigation (the researcher is referred to pseudonymously as “Marc”).\r\n“I make a lot more money than you, I am younger, more intelligent,” Antoine I. reportedly wrote in July 2018 to\r\nMarc. “If you do not stop playing with me, I will put a bullet in your head. ”\r\nFrench authorities say the defendant managed his extortion operations while traveling throughout Ukraine and\r\nother parts of Eastern Europe. But at some point he decided to return home to France, despite knowing\r\ninvestigators there were hunting him. According to Le Parisien, he told the French authorities he wanted to\r\ncooperate in the investigation and that he no longer wished to live like a fugitive.\r\nSource: https://krebsonsecurity.com/2019/12/nuclear-bot-author-arrested-in-sextortion-case/\r\nhttps://krebsonsecurity.com/2019/12/nuclear-bot-author-arrested-in-sextortion-case/\r\nPage 4 of 4",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"Malpedia"
	],
	"references": [
		"https://krebsonsecurity.com/2019/12/nuclear-bot-author-arrested-in-sextortion-case/"
	],
	"report_names": [
		"nuclear-bot-author-arrested-in-sextortion-case"
	],
	"threat_actors": [],
	"ts_created_at": 1775434124,
	"ts_updated_at": 1775791302,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/2ea93d5e6c48974e24fe30ddbf540dbbc23b86c0.pdf",
		"text": "https://archive.orkl.eu/2ea93d5e6c48974e24fe30ddbf540dbbc23b86c0.txt",
		"img": "https://archive.orkl.eu/2ea93d5e6c48974e24fe30ddbf540dbbc23b86c0.jpg"
	}
}