In 2013, researchers from Kaspersky Lab’s SecureList published “Online Banking Faces a New Threat” and explained the threat NeverQuest, a banking trojan, posed to the public. Three-and-a-half years after a hacker listed the malware on a forum, Spain’s Guardia Civil announced that officers arrested NeverQuest’s creator. The press release revealed that the FBI requested Interpol issue an arrest warrant for the 32-year-old Russian national, Stanislav Lisov.
Upon returning a rental car to an airport rental location on January 13, the Guardia Civil arrested Stanislav Lisov. According to the announcement, “the Civil Escape Team of the Central Operative Unit (UCO) of the Civil Guard who had detected their presence in Catalonia, after Several days of surveillance intercepted him when he intended to leave Spain on a flight bound for another EU country.” BleepingComputer wrote that the couple planned to visit friends in Lyon, France was working with dark web.
The Guardia Civil explained the Lisov arrest:
Lisov was considered a major operator of NeverQuest, having been charged among other illicit, of the creation and administration of a network of computers infected with NeverQuest using the leasing and acquisition of servers of computers used to administer that system dark web security.
A thorough investigation of the servers operated by Lisov in France and Germany revealed databases with stolen lists of information from accounts of financial institutions, with data indicating, among other things, account balances. One of the servers leased by Lisov contained files with millions of login credentials, including usernames, passwords, and security questions and answers, for the bank and financial website account