U.S. prosecutors unsealed indictments charging a Russian national linked to Bugat/Zeus banking malware used to steal credentials and commit large‑scale bank fraud. The State Department announced a reward reportedly up to $5 million for information leading to arrest or conviction.

Federal prosecutors unsealed indictments and complaints alleging that operators of long‑running banking malware families such as Bugat and Zeus stole customer credentials and executed extensive bank fraud campaigns that siphoned funds from financial institutions and consumers. The filings identify a Russian national reported in press coverage as a central figure and outline a multiyear scheme that used malware to harvest online banking credentials, bypass multifactor protections and move proceeds through mule networks and layered transfers. Alongside the unsealed charges, the U.S. State Department announced a reward, reported at up to $5 million, for information leading to the arrest or conviction of the key alleged operator, signaling high priority for dismantling the malware infrastructure and apprehending high‑value targets. Prosecutors said the indictments reflect coordinated investigative work across law enforcement agencies and international partners, and they described ongoing efforts to disrupt banking fraud proceeds and to identify co‑conspirators and money‑movement networks. The actions underline persistent risks to financial institutions and consumers from sophisticated malware and the U.S. commitment to pursue transnational cybercriminal operators.