Russian Malware Developer Behind ‘NLBrute’ Faces Five Years in Prison

A Russian national extradited to the US from the country of Georgia is about to spend five years behind bars after pleading guilty to developing and selling malware used in various cybercrimes.

28-year-old Dariy Pankov, aka dpxaker, was extradited last year to the United States from the Eastern European nation, charged with developing and selling NLBrute, a piece of malware designed to enable various illicit activities.

NLBrute debuted in 2016 on cybercrime forums, selling for US$250. It enabled brute-forcing RDP credentials at scale over the years, making it a popular tool among ransomware actors, tax fraudsters and others.

According to his plea agreement, Pankov admitted to developing the powerful malware, described as “capable of compromising protected computers by decrypting login credentials, such as passwords.”

Pankov allegedly used NLBrute to obtain the login credentials of tens of thousands of computers around the world.  He sold the stolen login credentials on the dark web on forums and websites specialized in the purchase and sale of access to compromised computers.

“Once sold, those credentials were used to facilitate a wide range of illegal activity, including ransomware attacks and tax fraud,” according to the US Department of Justice. “Pankov listed the credentials of more than 35,000 compromised computers for sale on the website, and obtained more than $350,000 in illicit proceeds.”

The man also marketed and sold NLBrute to other cybercriminals for a fee, and had others sell on his behalf as well.

Pankov faces up to five years in prison after pleading guilty to conspiracy to commit access device fraud and computer fraud. Pankov has also agreed to forfeit $358,437, the proceeds of the charged criminal conduct. The sentencing date has yet to be set.

NLBrute has lost its popularity in recent times, but cracked versions of the malware can still be found in the wild.