‘Use of paid software in malware led to maker’s arrest’

Security firm Trend Micro has analyzed the EyePyramid malware, which was likely used to steal data from, among others, the president of the ECB. The person behind the malware is said to have been traced because paid software was used in it.

In its analysis, Trend Micro reports that the malware was used to steal 87GB of data such as passwords, usernames, internet history and hard drive contents from key Italian targets. The malware was distributed through a targeted phishing campaign. Targets included ECB President Mario Draghi and former Italian Prime Minister Matteo Renzi, Reuters said. The purchase of the MailBee.net.dlls led the FBI and the Italian authorities, among others, to the identity of the suspect, Trend Micro writes.

The MailBee.net.dlls were used to write email software that sends files from infected systems to various email addresses belonging to the attacker. The license code is said to be hidden in the source code of the malware. In spreading the malware, the attacker mainly targeted lawyers from different offices.

The hackers are a man and his sister, who were arrested Tuesday, according to Reuters. They are suspected of having hacked a total of 18,000 accounts in addition to the accounts of Draghi and Renzi. The male suspect is said to have used the stolen information to make investments through his own company, Westland Securities. The stolen data was stored on servers in the US states of Minnesota and Utah. The servers have been seized.

Evidence reportedly shows that, in addition to stealing data, the hackers were able to install keyloggers on various systems. Investigative services tracked down the two suspects following the discovery of an infected email in April 2016. The two are said to have been using the malware since 2010.
