Citadel was a banking trojan first seen in 2011 as an offshoot of the Zeus banking trojan. It was a highly successful piece of malware that stole money and personal data from millions of victims. Citadel was highly evasive, capable of bypassing most threat detection systems and remaining idle on a victim machine for months. It had keylogging capabilities and would compromise password management and authentication solutions. The creator of Citadel, Dimitry Belorossov, was sentenced to four years and six months in US prison in September 2015 for conspiring to commit computer fraud. Belorossov used the Citadel trojan to infect 11 million computers around the world, creating a botnet that compromised banking credentials, credit card information, and other personally identifiable information. The FBI and the Microsoft Digital Crimes Unit collaborated to disrupt the botnet. Following the dismantling of Citadel, a new variant, Atmos, emerged, infecting victims through web injections. This new strain was recently targeting banks in France and delivering the ransomware variant TeslaCrypt.


[Figure: one example of the Citadel trojan. Image source: SecureWorks]