Three Romanian nationals have been extradited to the United States to face charges that they operated a cyber fraud scheme in which they infected at least 60,000 computers and stole at least $4 million, U.S. prosecutors said on Friday.
Bogdan Nicolescu, 34, Tiberiu Danet, 31, and Radu Miclaus, 34, were charged in an indictment filed in federal court in Cleveland with charges including wire fraud, aggravated identity theft and conspiracy to commit money laundering.
The trio were extradited to the United States this week after being arrested in Romania earlier this year, prosecutors said. In court on Friday, Danet and Miclaus pleaded not guilty. Nicolescu has not yet been arraigned, court records show.
Danet's lawyer confirmed his client pleaded not guilty. A lawyer for Miclaus did not respond to requests for comment and an attorney for Nicolescu could not be identified.
Prosecutors said they belonged to a group in Bucharest called "Bayrob" that in 2007 began to develop and deploy malware sent through emails claiming to be from entities like Western Union, Norton AntiVirus and the U.S. Internal Revenue Service.
Prosecutors said after users clicked on an attached file, the malware would get installed on the computer. It would then harvest email addresses from contact lists or email accounts, which then received email with the malware as well, they said.
More than 60,000 computers were infected, prosecutors said. Once infected, the defendants could control these computers to collect information including credit card details, user names and passwords, they said.
They also used the infected computers to mine for digital currencies like bitcoin, causing the devices to become unusable or slow, prosecutors said.
When users with infected computers visited websites like Facebook or eBay, the defendants would redirect the computer to a nearly identical site, allowing them to steal account credentials, prosecutors said.
They also placed over 1,000 listings for cars, motorcycles and other goods on auction sites like eBay with photos infected with malware that would redirect a victim who clicked on the image to fake webpages, prosecutors said.
These webpages prompted users to pay through a nonexistent "escrow agent" who wired the money to others in Eastern Europe, who then gave it to the defendants, prosecutors said, resulting in about $4 million in losses.
Symantec Corp(SYMC.O), which in a statement claimed credit for helping unearth the "Bayrob" gang, said the group had stolen up to $35 million USD from victims through various means.
The case is U.S. v. Nicolescu et al, U.S. District Court, Northern District of Ohio, No. 16-cr-00224.
(Reporting by Susan Heavey; Editing by Jonathan Oatis and Andrew Hay)