
Bucharest's Bayrob boys blasted based on bogus buys, Bitcoin banditry, bound to be behind bars

Romanian duo catch 21 felony convictions for selling details of hacked machines on darknet

Two Romanian nationals face the prospect of years in a US prison after being convicted for their roles in a malware-based financial fraud ring.

Bogdan Nicolescu and Radu Miclaus, both of Bucharest, were found guilty Thursday on counts of conspiracy to commit wire fraud, conspiracy to traffic in counterfeit service marks, aggravated identity theft, conspiracy to commit money laundering, and 12 counts of wire fraud. In total, each man caught convictions on 21 charges.

They will be sentenced on 14 August.

Over the 12-day trial in the Northern Ohio US District Court, prosecutors outlined how the two men, along with the already-convicted Tiberiu Danet (due to be sentenced next month), orchestrated a scheme to infect machines with spyware and then used that to harvest financial account details, redirect traffic to phishing sites, mine cryptocurrency and register bogus email accounts.

Known as Bayrob, the operation extracted money from its victims on a number of fronts.


In addition to swiping bank accounts and selling personal information on darknet markets, the trio would use the malware to redirect infected machines from sites like eBay to look-alike pages on servers they owned. Believing they were purchasing items from legitimate auction sites, victims were instructed to pay money to an "escrow agent" who was actually a money mule.

"It began in 2007 with the development of proprietary malware, which they disseminated through malicious emails purporting to be legitimate from such entities as Western Union, Norton AntiVirus and the IRS. When recipients clicked on an attached file, the malware was surreptitiously installed onto their computer," the DOJ said.

"This malware harvested email addresses from the infected computer, such as from contact lists or email accounts, and then sent malicious emails to these harvested email addresses."

The group would also look to turn a quick buck by using the compute power of their malware-infected machines to mine cryptocurrency. It is estimated that, at its peak, Bayrob enlisted more than 400,000 infected PCs in its ranks.

The scheme ran from 2007 until 2016, when the group was arrested and sent to the US to face trial. ®
