In an unexpected turn of events, the suspected Russian author of the BlackPOS (or Kaptoxa) has confirmed that he was, indeed, the one who developed it.
As a reminder: researchers from intelligence aggregator InterCrawler have analysed months of posts on underground forums and were pretty sure that the malware was created and put on sale by someone who dubbed himself “ree4”.
Using that information as a starting point, they tracked him down to a Vkontakte profile that said his name was Rinat Shabaev, and that he seemed to be a 17-year-old from St. Petersburg.
As it turns out, they were partially right – Rinat Shabaev did develop the malware, but he isn’t a teenager, and he lives in Saratov, the capital of the homonymous Russian region.
23-year-old Shabaev has agreed to an interview with LifeNews (via Google Translate), in which he explained that he didn’t write the malware from scratch, but merely added functionality to it.
He claims that the malware was not designed specifically for data theft, but as a testing tool to check whether the database to which the data is to be sent is vulnerable. Still, he admits that it can be used for criminal purposes.
He also says that he modified the malware in cooperation with another hacker, but says he doesn’t know who he is or where he lives – he met him on the Internet.
He never intended to use the application himself, but wanted to sell it to others who might. In the end, he says, he turned it over to his partner. He is now looking for a normal, stable job, he concluded.