Neverquest Gang Takes Leave — Is It the End of the Quest?

I’ll bet no one is missing the Neverquest Trojan, and maybe that’s why many have not even realized one of the top cybergang-operated malware codes has taken a substantial plunge this year.

The Neverquest Trojan, a consistent occupant of the top 10 most active banking Trojans in the world, has suffered a blow due to the arrest of one of its alleged authors in January 2017. The 32-year-old Russian national, Stanislav Lisov, was detained by Spanish police in Barcelona based on an FBI warrant that asserted he was the developer of the nefarious Neverquest malware.

While an arrest is indeed a major ordeal for any cybercrime gang, others, such as Gozi and Dridex, went through the same occurrence and continue to top the charts. So, what’s been happening with the Neverquest gang?

One Quarter Brings One Big Fall

Looking back at where Neverquest has been the past two years clarifies the size of the usage plunge since Lisov’s pivotal arrest.

IBM X-Force data shows that in 2015, Neverquest was second only to the Dyre Trojan, which topped the financial malware charts that year. In 2016, after Dyre’s disappearance, Neverquest took its place as the most active banking Trojan in the cybercrime arena. X-Force data showed that it was only in late 2016 that new Zeus variations started rising in underground forums and pushed Neverquest down to second rank.

Read the rest of this post here.