Citadel is a piece of massively-distributed malware based upon Zeus.[1] It targets credentials stored in password managers such as Keepass, Password Safe and neXus Personal Security Client.[2]
By 2017 (it was first identified in 2011)[3] Citadel had infected about 11 million computers worldwide and had caused over $500 million in losses.[4]
On March 20, 2017, having been extradited from Norway to the United States, a Russian computer science professional Mark Vartanyan pleaded guilty to a computer fraud charge for his part in developing the Control Panel for Citadel. In July 2017, he was sentenced to 5 years in federal prison.[5]