The UK courts have sentenced a cyber criminal duo responsible for a SpyEye campaign that stole an estimated £100,000 from victims across Europe to nine years in jail.
The Police Central eCrime Unit (PCeU) confirmed that Lithuanian Pavel Cyganok and and Estonian Ilja Zakrevski have been found guilty and sentenced on Monday.
"Two men who used malicious computer software to steal the personal banking details for unsuspecting victims have been sentenced to nine years for offences under the Computer Misuse Act" the PCeU said in a statement.
A third man, identified as Latvian Aldis Krummins, received a lighter two years sentence for helping the two launder the ill-gotten gains.
The men reportedly used the SpyEye malware to steal victims' banking details. The scheme made money using the stolen information to purchase and resell luxury items online.
The PCeU estimates that the criminals' scheme earned them around £100,000.
SpyEye is a form of malware commonly available for purchase online through various illegal black markets.
Security experts, including Sophos head of technology Paul Ducklin, have praised the PCeU for its involvement in the takedown.
"Convictions for malware-related cyber-criminality are uncommon, notably because of the international jurisdictional complexities of investigating and prosecuting such offences," wrote Ducklin in a blog post.
"Despite the challenges, however, the cops sometimes do get their man - or men. We think it's worth reminding you when this happens.
The takedown follows warnings from F-Secure security chief Mikko Hypponen that online crooks are creating new and innovative business models designed to improve their campaigns' profitability.
Dr Kuan Hon criticises GDPR consent emails that will only eviscerate marketing databases and 'media misinformation'
Apple squashes Steam Link app on 'business conflicts' grounds
Philip Hammond wants to forget rules that the UK agreed with the EU to ban non-European companies from the satellites
Instapaper to 'go dark' in Europe until it can work out GDPR compliance