{ "id": "ae729420-9bd3-4175-b54d-c09582d7da77", "created_at": "2026-04-06T00:13:19.153731Z", "updated_at": "2026-04-10T13:12:32.221595Z", "deleted_at": null, "sha1_hash": "5a582d1b759f7fe19e930c216aebe3e57329389d", "title": "FastPOS Malware Creator Pleads Guilty", "llm_title": "", "authors": "", "file_creation_date": "0001-01-01T00:00:00Z", "file_modification_date": "0001-01-01T00:00:00Z", "file_size": 248133, "plain_text": "FastPOS Malware Creator Pleads Guilty\r\nBy Akshaya Asokan\r\nArchived: 2026-04-05 13:59:12 UTC\r\nCard Not Present Fraud , Cybercrime , Cybercrime as-a-service\r\nProsecutors Say He Provided Help to Cybercriminals Via Infraud Site (asokan_akshaya) • August 1, 2020    \r\nThe Infraud Organization website was shuttered by law enforcement in 2018. (Source: U.S. Justice\r\nDepartment)\r\nA one-time member of the infamous Infraud Organization who was the creator of a malware strain called FastPOS\r\nhas pleaded guilty to a federal conspiracy charge, according to the U.S. Justice Department.\r\nSee Also: OnDemand | Transform API Security with Unmatched Discovery and Defense\r\nOn Friday, Valerian Chiochiu, 30, pleaded guilty to a single charge of conspiracy under the Racketeer Influenced\r\nand Corrupt Organizations Act, commonly known as RICO, according to the Justice Department. Chiochiu, a\r\nnative of Moldova who is living in the U.S., could face up to 10 years in prison when he is sentenced on Dec. 11.\r\nAfter the Infraud website was seized and shuttered by international law enforcement in 2018, Chiochiu was\r\namong 36 individuals indicted for running the website, which authorities say caused $530 million in confirmed\r\nfraud losses and attempted to steal more than $2.2 billion (see: Feds Dismantle Ukrainian's $530 Million Carding\r\nEmpire).\r\nhttps://www.bankinfosecurity.com/fastpos-malware-creator-pleads-guilty-to-federal-charges-a-14751\r\nPage 1 of 3\n\nChiochiu, who is currently free on bond, is the second member of the Infraud Organization to plead guilty. In\r\nJune, Sergey Medvedev, a co-founder of Infraud, entered a guilty plea and now faces up to 10 years in federal\r\nprison (see: Co-Creator of Site That Sold Payment Card Data Pleads Guilty).\r\nThe organization's other co-founder, Svyatoslav Bondarenko, remains at large, according to the Justice\r\nDepartment.\r\nChiochiu's Role\r\nChiochiu, who also went by the online names of \"Onassis,\" \"Flagler,\" \"Socrate\" and \"Eclessiastes,\" joined Infraud\r\nOrganization in 2012, according to the Justice Department. Although a resident of Moldova, federal prosecutors\r\nalleged that Chiochiu was residing in the U.S. during the time of conspiracy.\r\nWhile other members of the group worked to promote the Infraud Organization website, prosecutors charged that\r\nChiochiu helped provide \"guidance to other members on the development, deployment and use of random access\r\nmemory point-of-sale malware as a means of harvesting stolen data,\" according to federal court documents.\r\nIn addition to his role in the Infraud Organization, Chiochiu acknowledged during his plea agreement that he\r\ncreated a malware strain called FastPOS, which was designed to target point-of-sale devices in to steal payment\r\ncard data, prosecutors say.\r\nFastPOS was first discovered by researchers from security firm TrendMicro in 2016. The malware was designed\r\nto immediately exfiltrate any payment card data from a POS device, instead of storing it locally in a file and\r\nperiodically sending it to its creators.\r\nAt the time, Trend Micro found that FastPOS had infected devices all over the world, including in the U.S. The\r\nresearchers also noted the creators of the malware were using the same command-and-control server to harvest\r\nand then sell the stolen credentials and payment card data.\r\nInfraud Organization\r\nThe Infraud Organization ran an online forum dedicated to criminal activity that federal prosecutors claim had\r\nmore than 10,000 members in March 2017. The site used the slogan \"In Fraud We Trust,\" according to the Justice\r\nDepartment.\r\nThe gang that operated Infraud engaged in a variety of identity theft and financial fraud from October 2010 to\r\nFebruary 2018, prosecutors say. It's believed to be responsible for the sale or purchase of over 4 million\r\ncompromised payment card numbers during that time, according to the court filing. The aim of the organization\r\nwas to develop the \"premier online destination for the purchase and sale of stolen property and other contraband\"\r\nthat also serves as the source of other contraband vendors, prosecutors say.\r\nThe gang used advertising to direct traffic from its website to other automated sites that were owned or operated\r\nby its members, helping other cybercriminals traffic in point-of-sale malware, banking Trojans, stolen payment\r\ncard details and counterfeit identification, according to court documents.\r\nhttps://www.bankinfosecurity.com/fastpos-malware-creator-pleads-guilty-to-federal-charges-a-14751\r\nPage 2 of 3\n\nSource: https://www.bankinfosecurity.com/fastpos-malware-creator-pleads-guilty-to-federal-charges-a-14751\r\nhttps://www.bankinfosecurity.com/fastpos-malware-creator-pleads-guilty-to-federal-charges-a-14751\r\nPage 3 of 3", "extraction_quality": 1, "language": "EN", "sources": [ "ETDA" ], "origins": [ "web" ], "references": [ "https://www.bankinfosecurity.com/fastpos-malware-creator-pleads-guilty-to-federal-charges-a-14751" ], "report_names": [ "fastpos-malware-creator-pleads-guilty-to-federal-charges-a-14751" ], "threat_actors": [ { "id": "43cfcac9-ab2f-4f7d-ad3b-b2c09fb672b5", "created_at": "2022-10-25T16:07:24.499018Z", "updated_at": "2026-04-10T02:00:05.012584Z", "deleted_at": null, "main_name": "Infraud Organization", "aliases": [ "Operation Shadow Web" ], "source_name": "ETDA:Infraud Organization", "tools": [ "FastPOS" ], "source_id": "ETDA", "reports": null } ], "ts_created_at": 1775434399, "ts_updated_at": 1775826752, "ts_creation_date": 0, "ts_modification_date": 0, "files": { "pdf": "https://archive.orkl.eu/5a582d1b759f7fe19e930c216aebe3e57329389d.pdf", "text": "https://archive.orkl.eu/5a582d1b759f7fe19e930c216aebe3e57329389d.txt", "img": "https://archive.orkl.eu/5a582d1b759f7fe19e930c216aebe3e57329389d.jpg" } }