Russian hacker pleads guilty in U.S. for role in Citadel malware

He'll receive, at most, a five-year sentence after striking a deal with prosecutors.

The hacker known as Kolypto pleaded guilty in an Atlanta courtroom on Monday to a charge of computer fraud after reaching a deal with federal prosecutors who agreed to seek no more than five years in prison for the crime.

Mark Vartanyan, 29, was arrested in Norway in 2014 and extradited to the United States in December 2016. Although he pleaded not guilty last week, Vartanyan took a deal just four days later, the Associated Press reports. He was accused of developing and distributing the malware known as Citadel.

Citadel was described in its heyday as a “state-of-the-art toolkit to both distribute malware and manage infected computers” by security firm Malwarebytes. The malware’s own tagline boasted it was a “universal spyware system.”

Screenshot via Malwarbytes


Citadel launched in 2011 on Russian invite-only hacker forums and gained widespread popularity, promising to steal financial information from infected computers. It’s estimated to have cost $500 million in losses on 11 million infected machines over a three year period.

In addition to exceptional technical prowess, Citadel was renowned for positive customer service. The developers solicited feedback from users and then incorporated it in the product, a virtuous cycle that just fed into the malware’s popularity. The reason the malware didn’t cause further damage is that the source code was leaked, allowing cybersecurity software to more ably defend against it.

Vartanyan was just one member of a team involved in creating and spreading Citadel. Dimitry Belorossov, a 22-year-old Russian hacker who went by the name Rainerfox, was sentenced to four years and six months in prison in 2015 for his use of the malware against over 7,000 infected machines.

The creator of Citadel remains under Justice Department investigation.

Latest Podcasts