{
	"id": "8df896d0-bbf4-4b8d-a4c8-e4d24580f6df",
	"created_at": "2026-04-10T03:21:06.917213Z",
	"updated_at": "2026-04-10T13:13:04.076328Z",
	"deleted_at": null,
	"sha1_hash": "35de7a1a520ca81fe1c0735415425c5e5557c4e3",
	"title": "Two Romanian Cybercriminals Convicted of All 21 Counts Relating to Infecting Over 400,000 Victim Computers with Malware and Stealing Millions of Dollars",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 37291,
	"plain_text": "Two Romanian Cybercriminals Convicted of All 21 Counts\r\nRelating to Infecting Over 400,000 Victim Computers with\r\nMalware and Stealing Millions of Dollars\r\nPublished: 2019-04-11 · Archived: 2026-04-10 03:02:22 UTC\r\nA federal jury today convicted two Bucharest, Romania, residents of 21 counts related to their scheme to infect\r\nvictim computers with malware in order to steal credit card and other information to sell on dark market websites,\r\nmine cryptocurrency and engage in online auction fraud, announced Assistant Attorney General Brian A.\r\nBenczkowski of the Justice Department’s Criminal Division and U.S. Attorney Justin E. Herdman of the Northern\r\nDistrict of Ohio.\r\nBogdan Nicolescu, 36, and Radu Miclaus, 37, were convicted after a 12-day trial of conspiracy to commit wire\r\nfraud, conspiracy to traffic in counterfeit service marks, aggravated identity theft, conspiracy to commit money\r\nlaundering and 12 counts each of wire fraud.  Sentencing has been set for Aug. 14, 2019 before Chief Judge\r\nPatricia A. Gaughan of the Northern District of Ohio.\r\nAccording to testimony at trial and court documents, Nicolescu, Miclaus, and a co-conspirator who pleaded guilty,\r\ncollectively operated a criminal conspiracy from Bucharest, Romania.  It began in 2007 with the development of\r\nproprietary malware, which they disseminated through malicious emails purporting to be legitimate from such\r\nentities as Western Union, Norton AntiVirus and the IRS. When recipients clicked on an attached file, the malware\r\nwas surreptitiously installed onto their computer.\r\nThis malware harvested email addresses from the infected computer, such as from contact lists or email accounts,\r\nand then sent malicious emails to these harvested email addresses.  
The defendants infected and controlled more\r\nthan 400,000 individual computers, primarily in the United States.\r\nControlling these computers allowed the defendants to harvest personal information, such as credit card\r\ninformation, user names and passwords.  They disabled victims’ malware protection and blocked the victims’\r\naccess to websites associated with law enforcement.\r\nControlling the computers also allowed the defendants to use the processing power of the computer to solve\r\ncomplex algorithms for the financial benefit of the group, a process known as cryptocurrency mining.\r\nThe defendants used stolen email credentials to copy a victim’s email contacts.  They also activated files that\r\nforced infected computers to register email accounts with AOL.  The defendants registered more than 100,000\r\nemail accounts using this method.  They then sent malicious emails from these addresses to the compromised\r\ncontact lists.  Through this method, they sent tens of millions of malicious emails.\r\nWhen victims with infected computers visited websites such as Facebook, PayPal, eBay or others, the defendants\r\nwould intercept the request and redirect the computer to a nearly identical website they had created.  The\r\ndefendants would then steal account credentials.  
They used the stolen credit card information to fund their\r\ncriminal infrastructure, including renting server space, registering domain names using fictitious identities and\r\npaying for Virtual Private Networks (VPNs) which further concealed their identities.\r\nThe defendants were also able to inject fake pages into legitimate websites, such as eBay, to make victims believe\r\nthey were receiving and following instructions from legitimate websites, when they were actually following the\r\ninstructions of the defendants.\r\nThey placed more than 1,000 fraudulent listings for automobiles, motorcycles and other high-priced goods on\r\neBay and similar auction sites.  Photos of the items were infected with malware, which redirected computers that\r\nclicked on the image to fictitious webpages designed by the defendants to resemble legitimate eBay pages.\r\nThese fictitious webpages prompted users to pay for their goods through a nonexistent “eBay Escrow Agent” who\r\nwas simply a person hired by the defendants.  Users paid for the goods to the fraudulent escrow agents, who in\r\nturn wired the money to others in Eastern Europe, who in turn gave it to the defendants.  The payers/victims never\r\nreceived the items and never got their money back.\r\nThis resulted in a loss of millions of dollars.\r\nThe Bayrob group laundered this money by hiring “money transfer agents” and created fictitious companies with\r\nfraudulent websites designed to give the impression they were actual businesses engaged in legitimate financial\r\ntransactions.  Money stolen from victims was wired to these fraudulent companies and then in turn wired to\r\nWestern Union or Money Gram offices in Romania.  European “money mules” used fake identity documents to\r\ncollect the money and deliver it to the defendants. 
\r\nThe FBI investigated the case, with assistance from the Romanian National Police.  Senior Counsel Brian Levine\r\nof the Criminal Division’s Computer Crime and Intellectual Property Section (CCIPS) and Assistant U.S.\r\nAttorneys Duncan T. Brown and Brian McDonough of the Northern District of Ohio prosecuted the case.  The\r\nOffice of International Affairs also provided assistance in this case.\r\nSource: https://www.justice.gov/opa/pr/two-romanian-cybercriminals-convicted-all-21-counts-relating-infecting-over-400000-victim",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"Malpedia"
	],
	"origins": [
		"web"
	],
	"references": [
		"https://www.justice.gov/opa/pr/two-romanian-cybercriminals-convicted-all-21-counts-relating-infecting-over-400000-victim"
	],
	"report_names": [
		"two-romanian-cybercriminals-convicted-all-21-counts-relating-infecting-over-400000-victim"
	],
	"threat_actors": [],
	"ts_created_at": 1775791266,
	"ts_updated_at": 1775826784,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/35de7a1a520ca81fe1c0735415425c5e5557c4e3.pdf",
		"text": "https://archive.orkl.eu/35de7a1a520ca81fe1c0735415425c5e5557c4e3.txt",
		"img": "https://archive.orkl.eu/35de7a1a520ca81fe1c0735415425c5e5557c4e3.jpg"
	}
}