A Russian national has pleaded guilty to conspiracy to commit wire and bank fraud by developing and distributing the malicious software known as SpyEye.
Aleksander Panin, also known as "Gribodemon" and "Harderman", was the primary developer of the sophisticated computer code that could automate the theft of confidential personal and financial information, including credit card details, passwords and PINs.
"As several recent and widely reported data breaches have shown, cyber-attacks pose a critical threat to our nation's economic security," said United States Attorney Sally Quillian Yates.
It is estimated that SpyEye infected more than 1.4 million computers worldwide between 2009 and 2011.
According to Yates, the virus was able to secretly infect victims' computers, allowing cyber-criminals to remotely access and control them, before stealing information.
Assistance in tracking down Panin was provided by private sector partners, including Trend Micro.
Rik Ferguson, vice president of security research at Trend Micro, said that the company had first stated looking into SpyEye almost four years ago.
"We mapped out the infrastructure used to support the malware, we identified weak points in that infrastructure and pursued a number of important leads pointing to the identities of individuals behind this pernicious banking Trojan," Ferguson said.
"Once we felt that we had sufficient information we involved law enforcement who drove it to the successful conclusion you see today."
Such an outcome, Ferguson claims, illustrates the importance of targeting the people behind online crime, rather than just the infrastructure they exploit.
"Panin was the architect of a pernicious malware known as SpyEye that infected computers worldwide. And now he is being held to account for his actions," Yates said.
"Cyber criminals be forewarned—you cannot hide in the shadows of the Internet. We will find you and bring you to justice."
Sentencing for Panin is scheduled for April 29, 2014.