BRUSSELS • US and European law enforcement officials yesterday said they had dismantled a global organised cyber crime network, which used malware to steal banking login details in an attempt to pocket about US$100 million (RM416.03 million) from thousands of businesses.

A federal grand jury in Pittsburgh charged 10 members of the network, and other criminal prosecutions have begun in Georgia, Moldova and Ukraine, the European Union’s (EU) agency for law enforcement cooperation Europol said in a statement.

Five Russian nationals charged in the indictment are on the run, the agency said, including the developer of the malware.

In what Europol called a “highly specialised and international criminal network”, the members — spread across Georgia, Moldova, Bulgaria, Ukraine and Russia — sent spear-phishing emails to infect computers with malware, dubbed GozNym, designed to capture login details. That allowed the members to steal money from the bank accounts and launder the funds using US and foreign bank accounts.

“It was truly the scope of this organisation that made this campaign so dangerous,” Scott W Brady, US attorney for the Western District of Pennsylvania, said at a press conference at Europol’s headquarters in the Hague.

The cyber investigative team at the Federal Bureau Investigation’s Pittsburgh field office initiated the investigation, which accelerated in 2016 after officials took down the Avalanche network. That network provided online hosting services to dozens of some of the largest malware campaigns, including GozNym.

“We identified over 41,000 victims, unsuspecting citizens of European and North American countries who thought they were clicking on a simple invoice as part of their business,” Brady said. ”Instead, they were giving hackers access to their most personal and sensitive information.”

He said targeted businesses included law firms, mom-and-pop businesses, international corporations and non-profit organisations.

The group’s leader controlled more than 41,000 computers infected with the GozNym malware. The accomplices used encryption techniques so the malware could avoid detection by antivirus tools and protective software, Europol said. Once infected, money was then wired to other accounts or withdrawn from ATMs in order to be distributed to members of the network.

The wider investigation was also supported by Eurojust, the EU’s judicial cooperation unit. — Bloomberg