Citadel and Dridex Malware Hackers Arrested in Europe

A Russian and a Moldovan were arrested in Europe on suspicion of being among the key masterminds behind the malicious Citadel and Dridex banking malware.

Authorities in Europe allege that the two suspects, who were either staying together or traveling together, were behind both the development and the deployment of this malware. Both suspects were arrested outside their native countries and are facing extradition to the U.S.

In Paphos, a coastal tourist destination in Cyprus, a 30-year-old man was arrested recently. The man, who is from Moldova and wanted in the US, was allegedly staying with his wife at the time of the arrest. Apart from the fact that the authorities believe the man was responsible for bank fraud of more than $3.5M carried out using his PC, no other details were available in the Cyprus Mail.

The man is also alleged to be an important player in the development of the sophisticated banking malware called Dridex. This malware is also known as Cridex or Bugat. According to a reliable source inside the investigating team, the crime gang this man belonged to has so far managed to steal over $100 million worldwide. This Dridex gang is thought to have evolved from the Eastern European cybercrime gang ‘Business Club’.

The Gameover Zeus botnet was a complex and sophisticated cybercrime network that operated globally and had infected more than 500,000 PCs before mid-2014. In June 2014, international law enforcement agencies, including the US Department of Justice, started working together to bring down this strategic asset of the Business Club. The malware had been used many times for cyberheists. In July 2014, just a month after the takedown of Gameover Zeus, Dridex started being seen.

Meanwhile, the Norwegian press reported that ‘Mark’, a Russian national, was arrested in Fredrikstad, Norway. The 27-year-old man was arrested at the request of the FBI. According to the FBI, Mark is the man responsible for the development and deployment of Citadel. This malware is sold as a service and is thought to have been used in numerous cyberheists targeting European and American small businesses.

According to authorities, the Pennsylvania heating and air conditioning vendor whose clients’ usernames and passwords were stolen is believed to have been a target of Citadel. Using those same stolen credentials, Citadel’s operators managed to breach Target Corp in late 2013 and steal from over 40 million credit cards issued by Target Corp.
