Nine people have been charged in an alleged international conspiracy that used malicious software to gather bank account details and use the information to steal millions of dollars, including from accounts held at a Nebraska bank, the Department of Justice said on Friday.
Two of the defendants, both Ukrainian nationals who were living in the UK, have been extradited to face charges in Nebraska, the U.S. Justice Department said. Four other defendants, who live in the Ukraine and in Russia according to court documents, remain at large. The three other defendants have not yet been identified.
A grand jury indicted the defendants in August 2012, but the indictment was not unsealed until Friday.
According to the charges, the group used Zeus malware to capture passwords and account numbers and then used that information to log into online banking accounts to steal millions of dollars.
The Zeus virus is a piece of malicious software that has been widely used to steal credit card information and other financial data.
The defendants were able to use the malware to beat two-factor identification systems, including SecurID, a product of the RSA unit of EMC Corp., prosecutors said.
The indictment was unsealed on Friday ahead of an arraignment of the two defendants who were extradited from the UK, Yuriy Konovalenko, 31, and Yevhen Kulibaba, 36, the Justice Department said.
Prosecutors say the defendants used U.S. residents as "money mules," receiving funds transferred over the Automated Clearing House network or via other interstate wire systems from victims' bank accounts into the mules' own bank accounts. These people then allegedly withdrew some of those funds and wired the money overseas to conspirators.