Moldovan Sentenced for Distributing Multifunction Malware Package

PITTSBURGH, Pa. - A resident of Moldova has been sentenced in federal court to time served on his conviction of conspiracy and damaging a computer, United States Attorney Scott W. Brady announced today.

United States District Judge Bissoon imposed the sentence on Andrey Ghinkul, aka Andrei Ghincul, aka Smilex, 31, of Moldova. Ghinkul had been arrested in Cyprus in August of 2015 and extradited to the United States in February 2016.

According to information presented to the court, the defendant was part of a criminal conspiracy that disseminated the Bugat malware, used malware to steal banking credentials, and then used the stolen credentials to initiate fraudulent electronic funds transfers of millions of dollars from the victims’ bank accounts.

This case involves a sophisticated international conspiracy that infects computers with the malware known as Bugat. Bugat, which is also referred to as Cridex and Dridex, is a multifunction malware package. It is specifically designed to automate the theft of confidential personal and financial information, such as online banking credentials, from infected computers through the use of keystroke logging and web injects.

Assistant United States Attorneys Shardul S. Desai and Mary McKeen Houghton prosecuted this case on behalf of the government.

United States Attorney Brady commended the Federal Bureau of Investigation for the investigation leading to the successful prosecution of Ghinkul.