The US has shut down the network behind the “IPStorm” malware, which had developed the capability to infect Windows, Mac, Linux, and Android devices.
The FBI revealed it dismantled the network on Tuesday. On the same day, a Russian and Moldovan national named Sergei Makinin pleaded guilty to developing and deploying the malware, according to the Justice Department.
From 2019 to 2022, Makinin deployed IPStorm to create a botnet, or an army of infected computers, whose access he could hijack. In 2020, the malware was spotted infecting over 13,000 devices used to engage in suspected fraud activity on Steam and through online ads.
The Justice Department now says Makinin’s main goal was to sell access to the infected systems through sites including proxx.io and proxx.net, enabling his buyers to commit cybercrime.
“Through those websites, Makinin sold illegitimate access to the infected, controlled devices to customers seeking to hide their internet activities,” the DOJ added. “A single customer could pay hundreds of dollars a month to route traffic through thousands of infected computers.”
Makinin’s site claimed to have access to 23,000 such proxies, and the business helped him make at least $550,000. It appears US investigators had been on Makinin’s trail, filing an indictment a year ago, which led to his arrest in January. But other details about the case are unknown since it appears some of the court documents are under seal.
Makinin now faces up to 30 years in prison. In the meantime, the FBI says it was able to dismantle IPStorm without tampering with the computers infected with the malware.