SpyEye’s Developer Aleksandr Panin and Seller Hamza Bendelladj Jailed for 9 and a half and 15 Years Respectively for Extracting Millions from Banks Worldwide

Malicious Banking Trojan SpyEye’s developer Aleksandr Panin has received a sentence of 9 and 1/2years in jail for creating a malicious banking Trojan that helped malicious actors drain millions from bank accounts across the world.

The 27-year-old malware developer was sentenced for letting cybercriminals conduct large scale frauds by retrieving money from bank accounts worldwide. The Russian convict will be serving his time of sentence in a US Federal prison.

According to information provided by the US Department of Justice on 20th April that his partner in crime the Algerian citizen Hamza Bendelladj was also given 15 years’ sentence for selling SpyEye versions online (HE ISN’T DEAD). Bendelladj stole crucial financial information due to which cybercriminals were able to perform their malicious acts. He transferred over 1 million spam emails that contained SpyEye strains and other software to a computer within the US. This resulted in infecting millions of computers.

The Department of Justice also explained the crimes performed using SpyEye in this statement:

“Until dismantled by the FBI, SpyEye was the preeminent malware banking Trojan from 2010-2012, used by a global syndicate of cyber criminals to infect over 50 million computers, causing close to $1 billion [£700m] in financial harm to individuals and financial institutions around the globe.”

Panin used the nicknames “Gribodemon” and “Harderman” when he was active on the web. It is alleged that he created this malicious software after receiving source code and sale rights of Zeus malware from Evgeniy Bogachev in November 2010. Then he incorporated various components of Zeus to create his own malware, which he dubbed as SpyEye.

SpyEye was, however, officially launched in 2009 by Panin. It was a Trojan virus that infiltrated a computer and stole personal data such as credit card and bank account details along with Login IDs and passwords. SpyEye was capable of tricking users into giving out their personal information via bogus bank account web pages after the virus took control of the computer. The data stolen from the computers was then transferred to the attacker or the command and control server.

Hamza Bendelladj is not dead, he is in prison

According to Mark Ray, FBI’s special agent SpyEye was quite user-friendly from the perspective of cyber criminals in comparison to the parent malware Zeus because it operated like a “Swiss army knife of hacking.” SpyEye was very easy to use and allowed full customization and tailoring of spying methods.

To rake in maximum profits from his malware, Panin collaborated with Bendelladj or “Bx1” and several others to create, improvise and sell this malware on the forum that was dedicated to cyber crimes. This occurred between 2009 and 2011. The platform used for fulfilling this goal was Darkode.com and the asked price ranged between $1000 and $10,000. Darkode.com is deemed as the most widely preferred cybercrime forum around the world and the crème de la crème of cybercriminals used it to buy malware. It was later taken down.

In 2011, the FBI identified and seized an Atlanta-based server hosting SpyEye. According to the Bureau, this server was under the control of Bendelladj and through this server; he was controlling over 200 infected machines and had saved financial details of key banks. FBI further explained that between June and July same year, undercover agents of the Bureau contacted Panin to buy SpyEye kit version that contained full suite.


Then in December 2011, a Georgia grand jury indicted both Panin and Bendalladj while in January 2013 Bendalladj got arrested in Bangkok and sent to the US later. Panin, conversely, was arrested in July 2013 from Atlanta airport.

In January 2014, Panin admitted to conducting all the 23 charges, which included banking and wire fraud. Bendalladj pleaded guilty to all charges in June 2015. Foreign authorities also arrested four clients of Panin who bought the malware. These clients were based in the UK and Bulgaria.

It was later identified by the FBI that Panin was planning to launch SpyEye version 2.0 just months after his arrest. Had it been launched, it would have been “one of the most prolific and undetectable botnets distributed to date, and could cause immeasurable losses to the international banking industry and individuals around the world,” claim FBI officials.

Pushpa Mishra

Pushpa is a Dubai based scientific academic editor who worked for Reuters' Zawya business magazine and at the same time a passionate writer for HackRead. From the very first day she has been a blessing for team Hackread. Thanks to her dedication and enthusiasm.