Stanislav Vitaliyevich Lisov, the Russian hacker responsible for the NeverQuest banking malware, has been sentenced to 4 years in prison by the United States District Court for the Southern District of New York.
In January 2017, Lisov was arrested at the Barcelona airport by the Guardia Civic. He was suspected of being the author of NeverQuest, devious banking malware code that was also known as Vawtrak.
Lisov pleaded guilty in February, acknowledging that he was the person in charge, the one who administered NeverQuest’s control infrastructure.
NeverQuest was designed to help cybercriminals steal login credentials, by injecting face forms into legitimate banking websites. The software records keystrokes and stores passwords on users’ PCs – even taking screenshots of unknowing victims’ computers.
The malware can even log in to victims’ online banking accounts and perform fraudulent activities.
Lisov operated NeverQuest from June 2012 to January 2015. He also managed a network of servers containing lists of stolen credentials.
“In total,” the Department of Justice wrote, “Lisov and his co-conspirators attempted to steal at least approximately $4.4 million using NeverQuest, and in fact, stole at least approximately $850,000 from their victims’ online financial accounts.”
Over the same period, Lisov maintained and rented botnet servers that stored more than 1.7 million stolen credentials – user names, passwords, and security questions and answers.
Judge Valerie E. Caproni sentenced Lisov to 48 months in prison and three years of supervised release. In addition. Lisov must pay forfeiture of $50,000 and restitution of $481,388,04.