A 17-year-old Russian boy is believed to be the main developer of the malicious software responsible for allowing hackers to steal credit card numbers and personal data of approximately 70 million Target customers over the holiday shopping season.
In a report released Friday, California-based cyber security firm IntelCrawler said that the so-called malware, known as BlackPOS, has infected the payment systems of six other retailers.
Earlier this month, Neiman Marcus admitted that its data systems had been hacked, and Reuters reported that at least three other retailers in addition to Neiman Marcus and Target may have been victimized as well. The Reuters report also stated that authorities believed the hackers originated from Eastern Europe, though it did not specify what country.
The IntelCrawler report said that the 17-year-old had “roots” in St. Petersburg, Russia and goes by the online nickname “ree4.”
The company’s CEO, Andrew Komarov, said that he began investigating the malware last March at the request of banking clients. Komarov stated that the malware had been downloaded at least 60 times since its creation and was being sold by its creator for approximately $2,000, with discounts offered to buyers who agreed to share any ill-gotten profits.