Citadel is a piece of massively-distributed
malware
Malware (a portmanteau for ''malicious software'') is any software intentionally designed to cause disruption to a computer, server, client, or computer network, leak private information, gain unauthorized access to information or systems, depri ...
based upon
Zeus
Zeus or , , ; grc, Δῐός, ''Diós'', label=Genitive case, genitive Aeolic Greek, Boeotian Aeolic and Doric Greek#Laconian, Laconian grc-dor, Δεύς, Deús ; grc, Δέος, ''Déos'', label=Genitive case, genitive el, Δίας, ''D ...
. It targets credentials stored in
password manager
A password manager is a computer program that allows users to store and manage their passwords for local applications and online services. In many cases software used to manage passwords allow also generate strong passwords and fill forms. Pas ...
s such as
Keepass
KeePass Password Safe is a free and open-source password manager primarily for Windows. It officially supports macOS and Linux operating systems through the use of Mono. Additionally, there are several unofficial ports for Windows Phone, Andro ...
,
Password Safe
Password Safe is a free and open-source password manager program originally written for Microsoft Windows but supporting wide area of operating systems with compatible clients available for Linux, FreeBSD, Android, IOS, BlackBerry and other o ...
and
neXus Personal Security Client.
By 2017 (it was first identified in 2011) Citadel had infected about 11 million computers worldwide and had caused over $500 million in losses.
On March 20, 2017, having been extradited from Norway to the United States, a Russian computer science professional
Mark Vartanyan pleaded guilty to a computer fraud charge for his part in developing the Control Panel for Citadel. In July 2017, he was sentenced to 5 years in
federal prison
A federal prison is operated under the jurisdiction of a federal government as opposed to a state or provincial body. Federal prisons are used for convicts who violated federal law (U.S., Mexico), inmates considered dangerous (Brazil), or those s ...
.
See also
*
Conficker
Conficker, also known as Downup, Downadup and Kido, is a computer worm targeting the Microsoft Windows operating system that was first detected in November 2008. It uses flaws in Windows OS software and dictionary attacks on administrator passw ...
*
Command and control (malware)
*
Gameover ZeuS
GameOverZeus is a peer-to-peer botnet based on components from the earlier ZeuS trojan. The malware was created by Russian hacker Evgeniy Mikhailovich Bogachev. It is believed to have been spread through use of the Cutwail botnet.
Unlike its pr ...
, the successor to ZeuS
*
Operation Tovar
Operation Tovar is an international collaborative operation carried out by law enforcement agencies from multiple countries against the Gameover ZeuS botnet, which is believed by the investigators to have been used in bank fraud and the distributi ...
*
Timeline of computer viruses and worms
A timeline is a display of a list of events in chronological order. It is typically a graphic design showing a long bar labelled with dates paralleling it, and usually contemporaneous events.
Timelines can use any suitable scale representin ...
*
Tiny Banker Trojan
Tiny Banker Trojan, also called Tinba, is a malware program that targets financial institution websites. It is a modified form of an older form of viruses known as Banker Trojans, yet it is much smaller in size and more powerful. It works by estab ...
*
Torpig
Torpig, also known as Anserin or Sinowal is a type of botnet spread through systems compromised by the Mebroot rootkit by a variety of trojan horses for the purpose of collecting sensitive personal and corporate data such as bank account and credit ...
*
Zeus (malware)
*
Zombie (computer science)
In computing, a zombie is a computer connected to the Internet that has been compromised by a hacker via a computer virus, computer worm, or trojan horse program and can be used to perform malicious tasks under the remote direction of the hac ...
References
Windows trojans
{{malware-stub