The Russian authorities arrested a malware author in late September, which came as a surprise because Russia is usually lenient with its hackers. According to the Russian Interior Ministry, the accused is a 20-year-old Russian hacker from the region of North Ossetia-Alania.
According to the Russian authorities, the hacker created a large number of malware strains between November 2017 and March 2018. This malware was used to infect at least 2,100 computers across Russia.
However, according to the indictment, he was not the only one using the malware. The accused worked with six other people to distribute it, and the whole team earned more than 4.3 million Russian rubles (~$55,000) from it.
Russian authorities have not made the detainee's name public. However, Benoit Ancel, a malware analyst at CSIS Security Group, said the accused is a Russian hacker who has already been tracked by other security researchers under the nickname "1ms0rry".
In April 2018, Ancel and other security researchers worked together to track down 1ms0rry's online activities and malware.
According to Ancel's report, 1ms0rry was linked to the following malware:
1ms0rry-Miner: a trojan that starts cryptocurrency mining immediately after installation on a device.
N0f1l3: an info-stealer trojan that steals data (browser passwords, cryptocurrency wallet configuration files, Filezilla FTP credentials and specifically archives from the desktop) from infected computers.
LoaderBot: a trojan that performs the initial infection of a device and then deploys other malicious programs on it.
According to the French researcher, 1ms0rry sold his malware on Russian-speaking hacking forums. Some of it was later reused to build even more capable malware, such as Bumblebee (based on 1ms0rry-Miner), FelixHTTP (based on N0f1l3), EnlightenedHTTP, and the very popular Evrial (which shared code with 1ms0rry's malware).
The 2018 report by the researcher and his collaborators also revealed some details about the true identity of 1ms0rry. According to the report, he was a talented young developer from Vladikavkaz who had even received praise from local authorities for his involvement in cybersecurity.
However, the young developer made one big mistake: his malware was used to attack Russian users.
Until now, the Russian authorities have been lenient with Russian hackers and have "turned a blind eye" to various criminal acts, but only as long as Russian citizens and local businesses were not targeted.
In recent years, many Russian hacking groups have gone unpunished for operations carried out outside Russia, and the Russian authorities refuse to extradite Russian hackers despite repeated accusations from the US authorities.
According to ZDNet, all the major Russian-speaking hacking forums and the dark web make it very clear in their rules that members are prohibited from attacking users in the former Soviet Union. Everyone knows that if they do not attack Russian citizens, they will be able to continue their activities without being disturbed by the authorities.
This is why much of this malware is designed to avoid infecting Russian users.
1ms0rry, however, either was unaware of this rule or deliberately chose to ignore it for additional profit. Either way, the decision to target Russian users did not end well for him.