Bulgarian Charged with GozNym Malware Attacks in the U.S.

Dec. 12 – A Bulgarian man has been indicted by a federal grand jury in Pittsburgh in connection with a sophisticated malware package known as GozNym, designed to steal banking credentials and other confidential personal information from infected computers.

The six-count indictment, returned on Oct. 4, 2016, and unsealed today, named Krasimir Nikolov, age 44, of Varna, Bulgaria, as the sole defendant. Count One charges Nikolov with criminal conspiracy; Count Two charges unauthorized access of a computer to obtain financial information; and Counts Three through Six charge bank fraud. The indictment alleges that Nikolov acquired victims’ stolen banking credentials through GozNym malware infections of victims’ computers to gain unauthorized access to victims’ online bank accounts from which electronic funds transfers were issued or attempted to be issued.

Last week Acting U.S. Attorney Song and other members of the Justice Department announced a multi-national operation to dismantle a complex and sophisticated criminal network known as Avalanche which hosted more than two dozen of the world’s most pernicious types of malware, to include GozNym, and several money laundering campaigns. The prosecution of Krasimir Nikolov stems from the criminal investigation into the Avalanche network and the malware campaigns it hosted.

Among the numerous GozNym attacks that occurred throughout the United States, the indictment names the following:

  • Nord-Lock, Inc., a bolt-manufacturing company headquartered in Carnegie, Pa., was the victim of an attempted unauthorized wire transfer of $387,500 from its online account at PNC Bank to an account in Sofia, Bulgaria.
  • Protech Asphalt Maintenance, Inc., an asphalt and paving business located in New Castle, Pa., was the victim of several attempted unauthorized wire transfers totaling more than $243,000 from its online account at First National Bank.
  • Foresight Sports, Inc., a company that provided technology-based golf products and was located in San Diego, California, was the victim of attempted unauthorized wire transfers totaling more than $118,000 from its online account at American Express Foreign Exchange Service Payments.
  • California Furniture Collection, Inc., (DBA Artifacts International) a furniture business located in Chula Vista, California, was the victim of several attempted unauthorized wire transfers totaling more than $737,000 from its online account at CommerceWest Bank.

Nikolov was arrested at his residence in Varna, Bulgaria, on September 8, 2016. He was extradited to the United States over the past weekend, and made his initial appearance in federal court in Western Pennsylvania today at 3:30 p.m.

The law provides for a maximum total sentence of up to 100 years in prison and a fine of $3,500,000. Under the Federal Sentencing Guidelines, the actual sentence imposed would be based upon the seriousness of the offense and the prior criminal history of the defendant.


An indictment is an accusation. A defendant is presumed innocent unless and until proven guilty.

SOURCE: U.S. Attorney’s Office, Western District of Pennsylvania

About the author: Dissent

Comments are closed.