Russian national accused of developing, selling malware appears in U.S. court

A Russian national accused of developing and licensing the “NLBrute” malware and selling at least 35,000 compromised logins appeared in a Florida federal court on Tuesday facing charges of conspiracy, access device fraud and computer fraud.

Dariy Pankov, also known as “dpxaker,” was arrested in the Republic of Georgia on Oct. 4, 2022 and was recently extradited to the United States, U.S. Attorney Roger B. Handberg said in a statement Wednesday. Pankov faces a maximum of 47 years in federal prison if convicted on all counts, Handberg said.

Pankov stands accused of developing NLBrute — also known as nl.exe or nlbrute.exe — and advertising it for sale on an underground forum as early as June 2016, according to an indictment unsealed this week. During that time he also sold more than 35,000 compromised login credentials for access to systems around the world, including in the United States, France, the United Kingdom, Italy and Australia. At least two of those sales were to undercover U.S. law enforcement officers, according to the indictment, and involved login credentials for two separate Florida-based law firms.

Credentials sold by Pankov were “used to facilitate a wide range of illegal activity, including ransomware attacks and tax fraud,” Handberg’s statement said.

Between August 2016 and January 2019 Pankov netted nearly $360,000 from both credential sales and offering access to NLBrute, prosecutors allege. The indictment was originally filed in April 2019 and includes notice that the government intends to take $358,437 in restitution.

“Mr. Pankov maintains his innocence and looks forward to his day in court,” his attorney, Igor Litvak, told CyberScoop in an email. “He has plead not guilty.”

Updated Feb. 23, 2023: This story has been updated to include a statement from Pankov’s attorney, Igor Litvak.