The U.S. Justice Department says it has launched an effort to dismantle a global network of tens of thousands of infected computers under the control of a “cybercriminal.”
A civil complaint filed in U.S. court seeks to stop Pyotr Levashov, a Russian citizen, from continuing the scheme, the department said in an April 10 statement.
Levashov, who has allegedly operated the Kelihos botnet since approximately 2010, was detained in Barcelona on April 7 at the request of U.S. authorities, Spanish authorities said earlier.
State-backed Russian TV channel RT quoted Levashov's wife, Maria, as saying Spanish police told her the arrest was made in connection with "a virus which appears to have been created by my husband [and] is linked to [U.S. President Donald] Trump's victory."
Spanish police did not confirm a connection to the U.S. election.
But the AFP news agency quoted an unidentified "legal source" as saying Levashov is "suspected of having participated in hacking the election campaign in the United States."
In January, the U.S. intelligence community concluded that Russian President Vladimir Putin had ordered a hacking-and-propaganda campaign aimed at undermining faith in the U.S. election system and denigrating Trump's election opponent, Hillary Clinton.
In its statement, the U.S. Justice Department said Kelihos malware targeted computers running the Microsoft Windows operating system and “harvested user credentials by searching infected computers for usernames and passwords and by intercepting network traffic.”
Levashov allegedly used the information gained to “further his illegal spamming operation which he advertised on various online criminal forums.”
“The Kelihos botnet generated and distributed enormous volumes of unsolicited spam e-mails advertising counterfeit drugs, deceptively promoting stocks in order to fraudulently increase their price...work-at-home scams, and other frauds,” the statement said.
Kelihos was also responsible for installing other malware onto victims’ computers, including “ransomware and malware that intercepts users’ bank account passwords.”