A federal jury in Connecticut convicted Russian national Oleg Koshkin for operating a “crypting” service that was used to hide the Kelihos malware from antivirus tools and, in doing so, enabled attackers to infect target machines with malware, including ransomware.
Court documents and evidence indicate Koshkin, formerly of Estonia, operated the websites “Crypt4U.com,” “fud.bz,” and others that claimed to make malware undetectable by “nearly every major provider of antivirus software,” officials wrote in a Justice Department release. Koshkin and his co-conspirators promised their services could be used for botnets, remote access Trojans, keyloggers, credential stealers, cryptocurrency miners, and other malware.
Koshkin worked with Peter Levashov, who operated the Kelihos botnet, to create a system that would let him crypt the malware multiple times a day. Koshkin gave Levashov a crypting service that enabled him to spread Kelihos through a number of criminal affiliates, and Levashov used it to distribute spam, collect account credentials, launch denial-of-service attacks, and spread ransomware.
The Kelihos botnet had amassed at least 50,000 infected machines by the time FBI officials took it down, officials report. Koshkin was arrested in 2019 and has been detained since then. He faces a maximum penalty of 15 years in prison and is set to be sentenced on Sept. 20, 2021.
Read the full Justice Department release for more details.