A cybercriminal described as the administrator of the Andromeda network has been arrested in a joint operation involving Belarus, Germany and the United States.
According to Reuters, national police in Belarus, working with the U.S. Federal Bureau of Investigation, said they arrested a citizen of Belarus on suspicion of selling malicious software.
The suspect is believed to be the administrator of the Andromeda network, which is a collection of “botnets,” or groups of computers, that have been infected with viruses to allow hackers to control them remotely without the knowledge of their owners.
Swedish-American cybersecurity firm Recorded Future said it has “a high degree of certainty” that the arrested hacker is “Ar3s,” whom the firm has identified as the creator of the Andromeda botnet, among other hacking tools.
The firm also identified Ar3s as Sergei Yarets, a 33-year-old man living in Rechytsa, near Gomel, the second largest city in Belarus.
“Andromeda was one of the oldest malwares on the market,” said Jan Op Gen Oorths, a spokesman for Europol, the European Union’s law enforcement agency. Europol estimated that the malicious software infected more than 1 million computers worldwide every month, on average, dating back to at least 2011.
The Belarus Ministry of Internal Affairs in Minsk said officers had seized equipment from the hacker’s offices and that he was cooperating with the investigation.
The shutdown of the Andromeda botnet was engineered by a taskforce coordinated by Europol, which included several European law enforcement agencies, the FBI, the German Federal Office for Information Security and agencies from Australia, Belarus, Canada, Montenegro, Singapore and Taiwan.
The police operation, which involved help from Microsoft and ESET, a Slovakian cybersecurity firm, was significant both for the number of computers infected worldwide and because of the number of years Andromeda had been used to distribute new viruses.