WASHINGTON–One man has pleaded guilty to using malware that helped to empty the bank accounts of at least 30 people, stealing more than $1.2 million.
Vyacheslav Khaimov, 55, of Brooklyn, has entered a guilty before U.S. Senior District Judge Edward R. Korman to running an unlicensed money-transmitting business that used banking Trojan attacks to steal the money, according to the Department of Justice.
Federal prosecutors said that Khaimov was part of a larger, global cybercrime ring that had attempted to steal as much as $6 million. At least four other parties are also suspected as being part of the ring, the Justice Department said. It has not identified the other parties.
"This is an ongoing investigation conducted by the FBI's Cyber Task Force. We will continue to investigate all co-conspirators and bring them to justice," William F. Sweeney Jr., the FBI's assistant director in charge of its New York field office, said in a released statement.
According to the FBI, the scheme worked by taking control of victims' bank accounts using malware, and then wiring funds to a network of individuals based in the United States, who in turn later moved some of the money into overseas accounts.
Khaimov was part of at least 20 wire transfers from victims' accounts, the Department of Justice said, adding he received $230,000 between July 2015 and May 2016.
While full details have not been provided, according to the Justice Department the scheme involved at least 20 “money mules,” which it descripted as “unsuspecting individuals who believe they are working for a legitimate 'work from home' business. As part of their 'employment,' the mules are instructed, typically via email, to open a bank account and receive the funds that have been removed from victims' bank accounts. The mule is then provided further instructions as to where to send the money she/he has received."
Federal officials said the banking Trojans help to reduce the risk to the scammers.