Romanian “Bayrob Group” Cybercriminals Convicted in Ohio after 12-Year Scam

According to a press release by the Department of Justice (DoJ), a federal jury in Ohio convicted two Romanian cybercriminals on 21 counts for infecting over a hundred thousand computers in the U.S. with malware and duping victims out of millions of dollars.

On Thursday, April 11, a federal jury found two cybercriminals from Bucharest, Romania guilty of their involvement in a scheme in which malware was used to hijack victims’ personal information, i.e. credit card details and other sensitive data, which was later used to cash out on the darknet, to mine cryptocurrencies and for other illicit activities.

The Romanian duo – Bogdan Nicolescu (age 36) and Radu Miclaus (age 37) – were convicted by a federal jury in Ohio on Thursday after a 12-day trial. They have been associated with a variety of illicit activities, including wire fraud, money laundering, identity theft, and other crimes. It is also believed that they have been active in the conspiracy since 2007, when they first developed the malware that scooped up users’ credentials, financial data, personal information and more.

The press release also reveals that the two Romanians and another unnamed co-conspirator, who also pleaded guilty, were operating the criminal conspiracy from Bucharest, Romania; they have been referred to as the “Bayrob group.” They sent victims malicious emails. These emails, which carried the malware, appeared to be legitimate messages from trusted firms such as Western Union, Norton Antivirus, and the IRS. But when recipients tried to open the attached file, the malware was silently unpacked on their computers.

Right after that, the malware began stealing personal information, credit card details, passwords and user names, and it also disabled the victims’ malware protection tool and blocked the victims’ access to law enforcement websites, presumably to impede any attempt to stop the malware. Through these malware-laden emails, the cybercriminals gained access to and control of more than 400,000 computers.

The Bayrob group reportedly used the processing power of these computers for crypto mining, a known cybercriminal practice dubbed “crypto-jacking.” Moreover, whenever a victim visited payment websites such as PayPal or other e-commerce or social media websites, the defendants would redirect them to look-alike phishing sites they had created, stealing their usernames and passwords and then their payment details. They had also created fake webpages inside these phishing sites that included 1,000 fraudulent listings for automobiles, motorcycles and more, supposedly on eBay, to make them look legitimate and thus manipulate the victims into trusting their websites and dupe them.

The malware was also capable of copying email addresses from the victims’ contact lists and then sending those contacts malicious emails as well. According to the DoJ, the Bayrob group harvested more than 100,000 email accounts and successfully sent tens of millions of malicious emails.

The stolen money was then laundered by “money transfer agents,” who moved it through all sorts of shell companies and then to Romanian offices of Western Union or MoneyGram, from where the defendants collected it. “This scam resulted in a loss of millions of dollars,” according to the press release.