According to the documents newly unsealed by the Justice Department, nine hackers have been charged with conspiring to use malware to collect bank data and steal millions. The hackers — two of whom are Ukrainians nationals who now face charges in Nebraska — allegedly used the Zeus malware tool, which has been extensively used in the past to steal credit card information and compromise security.
"One of the most damaging pieces of financial malware that has ever been used."
The nine hackers were originally indicted in August 2012, but the documents were unsealed today ahead of a scheduled arraignment. Two were extradited to Nebraska because losses were linked to a Nebraskan bank. Four others from Ukraine and Russia have been identified, though they remain at large. Three other members have not yet been found. While it's unclear how much was stolen specifically, the group allegedly installed the Zeus tool on victims' computers as a means of siphoning PIN numbers, account numbers, SecurID token codes, and other forms of financial data to commit the heist. The funds were then wired overseas by so-called "money mules" working in the States. Acting Assistant Attorney General David O'Neil went so far as to call the tool "one of the most damaging pieces of financial malware that has ever been used."
This isn't the first time the Zeus tool has been linked to a high-profile case since its debut in 2007. Last year, hackers were able to spread the malware using the NBC.com website, which allowed them to gain control of users' computers. It was later used in a lucrative marketing scam on Instagram that generated and sold fake "Likes" and followers to brands