{
	"id": "6367459e-d976-4917-8766-c7d0c30fe605",
	"created_at": "2026-04-06T00:22:07.1467Z",
	"updated_at": "2026-04-10T13:12:11.390005Z",
	"deleted_at": null,
	"sha1_hash": "b6634a779d08c131c3d4caf5f65ac6cf155e0d90",
	"title": "Gozi malware gang member arrested in Colombia",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 188954,
	"plain_text": "Gozi malware gang member arrested in Colombia\r\nBy Catalin Cimpanu\r\nPublished: 2023-01-18 · Archived: 2026-04-05 23:42:05 UTC\r\nAuthorities in Colombia have arrested this week a Romanian national named Mihai Ionut Paunescu, one of\r\nthe three suspects charged in 2013 for creating and operating the infamous Gozi banking trojan.\r\nPaunescu was detained this week at the El Dorado airport in Bogotá, Colombia's capital, the country's attorney\r\ngeneral office announced on Thursday.\r\nPaunescu was first arrested in Bucharest, Romania, in December 2012 and was officially charged in the US in\r\nJanuary 2013 for having a crucial role in the distribution of Gozi, a type of malware that collected e-banking\r\ncredentials and allowed crooks to steal funds from victims' accounts.\r\nUS prosecutors claimed that Paunescu, who went online under the moniker of \"Virus,\" operated PowerHost[.]ro,\r\na company that provided \"bulletproof hosting\" services to malware authors by refusing to cooperate with\r\nauthorities and helping cybercriminals protect their command and control infrastructure against law enforcement\r\ninquiries and takedowns.\r\nWhile Paunescu provided protected hosting to multiple gangs, such as those operating the Zeus and SpyEye\r\ntrojans, authorities said he worked very closely with the Gozi gang.\r\nUS officials said Paunescu was one of the three core members responsible for the malware's botnet huge growth,\r\nwhich eventually infected more than one million computers between 2007 and 2013 -- with Paunescu coming on\r\nboard in 2010 when the Gozi 2.0 variant was first released.\r\nhttps://therecord.media/gozi-malware-gang-member-arrested-in-colombia/\r\nPage 1 of 4\n\nEtt fel inträffade.\r\nDet går inte att köra JavaScript.\r\nHowever, despite the solid case US authorities had against Paunescu, US prosecutors failed to obtain the suspect's\r\nextradition from Romania.\r\nIn light of the recent arrest, US officials said they plan to begin new extradition procedures in Colombia.\r\nIf extradited and found guilty in the US, Paunescu, now 36, faces up to 65 years in prison.\r\nOf the two other Gozi suspects, Nikita Kuzmin, a Russian national accused of first creating the Gozi trojan, was\r\narrested in California in 2013 and sentenced to 37 months in prison, time served, in May 2016. He was also fined\r\n$6,934,979.\r\nDeniss Calovskis, who created Gozi's \"web injects\" (fake e-banking login pages), was arrested in Latvia, but\r\nauthorities refused to extradite him to the US due to a too harsh prison sentence that could have reached up to 67\r\nyears in prison.\r\nAfter the Gozi malware gang was charged in January 2013, the malware's source code also leaked online and is\r\nnow at the heart of many banking trojan strains, such as Gozi Prinimalka, Gozi ISFB, Gozi CRM, Schnitzel Gozi,\r\nGoziv3, Neverquest, Rovnix, Vawtrack, Tepfer, Dapato, Ursnif, and many others.\r\nhttps://therecord.media/gozi-malware-gang-member-arrested-in-colombia/\r\nPage 2 of 4\n\nNo previous article\r\nNo new articles\r\nhttps://therecord.media/gozi-malware-gang-member-arrested-in-colombia/\r\nPage 3 of 4\n\nCatalin Cimpanu\r\nis a cybersecurity reporter who previously worked at ZDNet and Bleeping Computer, where he became a well-known name in the industry for his constant scoops on new vulnerabilities, cyberattacks, and law enforcement\r\nactions against hackers.\r\nSource: https://therecord.media/gozi-malware-gang-member-arrested-in-colombia/\r\nhttps://therecord.media/gozi-malware-gang-member-arrested-in-colombia/\r\nPage 4 of 4",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"Malpedia"
	],
	"origins": [
		"web"
	],
	"references": [
		"https://therecord.media/gozi-malware-gang-member-arrested-in-colombia/"
	],
	"report_names": [
		"gozi-malware-gang-member-arrested-in-colombia"
	],
	"threat_actors": [],
	"ts_created_at": 1775434927,
	"ts_updated_at": 1775826731,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/b6634a779d08c131c3d4caf5f65ac6cf155e0d90.pdf",
		"text": "https://archive.orkl.eu/b6634a779d08c131c3d4caf5f65ac6cf155e0d90.txt",
		"img": "https://archive.orkl.eu/b6634a779d08c131c3d4caf5f65ac6cf155e0d90.jpg"
	}
}