Suspected gang behind the $850 million Butterfly botnet arrested

Graham Cluley

The FBI has announced that 10 individuals have been arrested, suspected of involvement in infecting 11 million computers with spyware that led to an alleged $850 million in losses.

The FBI is said to have worked in co-ordination with law enforcement agencies around the world on the investigation.

The suspected gang were arrested in Bosnia and Herzegovina, Croatia, Macedonia, New Zealand, Peru, the United Kingdom, and the United States, as international computer crime cops linked the individuals with the Yahos malware.

According to the FBI, the Yahos malware threat compromised 11 million PCs worldwide, forming the Butterfly botnet, and stole computer users’ credit card details, as well as bank account information, and other personal data that could lead to identity theft.

Typically, computers became infected through the oldest trick in the book – duping unsuspecting users into running an executable program that installed the malware. The malware extended its reach by spreading via popular instant messaging services as well as social networks such as Facebook and MySpace.

The FBI has publicly thanked the security team at Facebook for providing assistance with the investigation, providing data that helped identify the perpetrators and – importantly – those who had been affected by the malware.

The authorities certainly should be applauded for investigating those alleged to be behind the Yahos malware and Butterfly botnet. Computer crime cases like this can often be complicated, and cover multiple jurisdictions and time zones.

Once again, it’s a good reminder to all of us who use computers that we should not be dissuaded from reporting a malware attack simply because “the bad guys are probably based in a country far far away”.

It would be a crying shame if the authorities were able to determine who they believed was responsible for malware or a botnet, but were unable to dig up any victims. Thankfully, with the help of Facebook, that hasn’t happened on this occasion.

(By the way, don’t confuse the Yahos/Butterfly botnet with the Mariposa botnet. It’s an easy mistake to make as “Mariposa” is Spanish for “butterfly”).

Evil butterfly image from Shutterstock.

Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "Smashing Security" podcast. Follow him on Twitter, Mastodon, Threads, Bluesky, or drop him an email.
