US officials said Friday that nine people, including three Ukrainians and a Russian, were charged in a scheme that stole millions of dollars by hacking into online bank accounts. An indictment unsealed Friday alleges that the hackers used "Zeus" malware to steal passwords, account numbers, and other information necessary to log into online banking accounts.
In the scheme dating back to 2009, the nine worked to infect computers with "Zeus" to allow the hackers to access their accounts.
They then used "money mules" in the United States to withdraw funds and make transfers to others abroad.
The indictment was unsealed in connection with the arraignment in Lincoln, Nebraska, of two Ukrainian nationals, Yuriy Konovalenko, 31, and Yevhen Kulibaba, 36. Both were recently extradited from Britain, according to a US Justice Department statement.
All nine people were charged by a federal grand jury in August 2012 with conspiracy to participate in racketeering activity, conspiracy to commit computer fraud and identity theft, aggravated identity theft, and multiple counts of bank fraud.
"The 'Zeus' malware is one of the most damaging pieces of financial malware that has ever been used," said Acting Assistant Attorney General David O'Neil.
"As the charges unsealed today demonstrate, we are committed to making the Internet more secure and protecting the personal information and bank accounts of American consumers."
Four of those named in the indictment remain at large, and three others accused in the document were not named.
Those at large were identified as Vyacheslav Igorevich Penchukov, 32, of Ukraine; Ivan Viktorvich Klepikov, 30, of Ukraine; Alexey Dmitrievich Bron, 26, of Ukraine; and Alexey Tikonov, of Russia.