A Russian national ran an underground operation that offered “encrypted” services to conceal malicious software and make it untraceable by every major antivirus software. By becoming undetectable, the Kelihos malware would enable hackers to penetrate hundreds of thousands of computers globally.
Malware to Include Botnet Code, Keyloggers, Trojans, and More
Oleg Koshkin, 41, operated several websites that promised to render the malware completely undetectable by almost every major antivirus company.
Koshkin and his co-conspirators stated that their service could safely hide multiple kinds of malware, including botnet code, remote access trojans, keyloggers, cryptocurrency miners, and others.
Koshkin worked with Peter Levashov, the operator of the Kelihos botnet. Together, they were supposed to develop a system that would allow Levashov to crypt the Kelihos malware multiple times per day.
Koshkin gave Levashov high-volume encryption services that Levashov used to distribute Kelihos via several criminal affiliates.
In its last four months of operation, Kelihos malware infected about 200,000 computers globally. Koshkin and his allies successfully evaded basic cyber defense for years as they spread the malware around the world.
A US federal jury convicted Koshkin on June 15. On December 9, he was sentenced to 48 months in prison based on one count of conspiracy to commit computer fraud and abuse and one count of computer fraud and abuse.
Levashov pleaded guilty back in 2018 to various frauds, conspiracy, computer crime, and IT theft offenses.