Spanish authorities have arrested a Russian national who they believe is responsible for having helped develop and operate the NeverQuest banking trojan.
On 13 January, Spain’s law enforcement agency Guardia Civil placed 32-year-old Stanislav Lisov under arrest on charges of having used electronic means to hack computers and commit fraud.
Authorities converged at El Prat airport in Barcelona after investigators with the force’s Unidad Central Operativa (Central Operative Unit) spotted Lisov and his wife on vacation in Catalonia. They arrested him as soon as he and his wife exited a car in the airport’s parking lot before they boarded a flight for another EU country.
The United States has been investigating Lisov since 2014 on suspicion that he helped create a piece of malware called NeverQuest.
Whoever developed the malware, which also goes by the name “Vawtrak,” they’re still committed to updating their creation. The most recent upgrade came in late summer 2016, when NeverQuest’s list of websites expanded to include other types of targets such as government agencies and payroll services.
In total, the malware is believed to have robbed victims of approximately 5 million USD.
Lisov currently sits in jail, as an analysis of his servers located in France and Germany revealed the Russian national had obtained lists of stolen information from users regarding their accounts at various financial institutions. One such server contained usernames, passwords, security questions and answers, and account numbers.
As of this writing, the FBI is petitioning Spain to extradite Lisov to the United States.