Mihai Paunescu, creator of dangerous Gozi malware, was finally arrested in Colombia

Colombian authorities announced the arrest of Romanian national Mihai Ionut Paunescu, who was being sought by the U.S. Department of Justice (DOJ) for his alleged involvement in the creation of Gozi, one of the most dangerous malware variants ever detected.

Paunescu, accused of having compromised the IT systems of multinational companies, banking institutions and government agencies, was arrested by security forces at Bogota’s El Dorado International Airport, according to the Prosecutor’s Office of Colombia.

In their statement, the local authorities said: “the Romanian citizen was located at El Dorado Airport. Paunescu is one of the alleged lead developers of the Gozi computer virus, which was used to steal confidential information from more than a million computers worldwide.”

The U.S. District Court for the Southern District of New York requires the defendant's presence to answer for the charges against him, which include conspiracy to commit wire fraud, unlawful access to protected computer systems, and conspiracy to commit computer intrusion.

According to cybersecurity specialists, Gozi is a malware variant created in 2007 that is capable of stealing confidential information. Gozi’s first wave of attacks reportedly generated losses of tens of millions of dollars. The operators sent the malicious code as attachments to legitimate-looking emails. Once downloaded to the target system, Gozi began searching for and collecting sensitive information such as bank keys, login credentials, and critical financial information, which it sent to a location controlled by the hackers.

Gozi’s activity was concentrated mainly in countries such as the United Kingdom, Germany, the United States, France, Italy and Turkey.

From the moment of the arrest, the accused was placed at the disposal of the Colombian Prosecutor’s Office, which notified the DOJ to begin the extradition process. Details about the sentence Paunescu could face are still unknown. 
