Skip to main content
Press Release

Romanian Extradited to the United States, Charged With Selling Stolen Credit Card Information Obtained via Malware

For Immediate Release
U.S. Attorney's Office, Northern District of Texas

A Romanian hacker has been charged with selling millions of stolen credit card numbers obtained through the use of malware, announced U.S. Attorney for the Northern District of Texas Chad E.  Meacham.

Sorin Becheru, a 34-year-old Romanian citizen living in Bucharest, was charged in March 2021 with conspiracy to commit fraud in connection with access devices. Mr. Becheru was arrested by Romanian authorities on Jan. 1, 2022 based on a request from the United States and in accordance with the bilateral extradition treaty between the United States and Romania. On March 3, 2022, FBI agents flew Mr. Becheru from Bucharest to Dallas. He made his initial appearance before U.S. Magistrate Judge Rebecca Rutherford on March 4.

“Malware is an increasingly insidious threat to U.S. companies and consumers. With just a few keystrokes, sophisticated hackers can compromise millions of accounts,”  said U.S. Attorney Chad Meacham. “The Justice Department will not hesitate to pursue cyber criminals, including those who operate abroad. In the meantime, we encourage Americans to take steps to guard their personally identifiable information online.”

“Financially motivated cybercrime is attractive to a wide range of actors and its results can be devastating for affected consumers and businesses,” said Dallas FBI Special Agent in Charge Matthew DeSarno. “We will continue our proactive private sector engagement for incident response, mitigation, and prevention, and will seek justice for the millions affected by this type of fraudulent activity.”

According to the indictment, Mr. Becheru and his coconspirators allegedly used point-of-sale memory scraping malware to obtain consumers’ credit card information from victim servers located in the U.S. They then allegedly sold the numbers on darkweb carding forums, including “Vendetta” and “Tony Montana.” Buyers used the stolen credit card numbers to purchase goods and services. 

Mr. Becheru – who used various online identities, including “,”, and – allegedly possessed and sold credit card information for millions of cards. At one point, he was in possession of information for more than 240,000 credit cards belonging to victims located in the Northern District of Texas and elsewhere.

An indictment is merely an allegation of wrongdoing, not evidence. Mr. Becheru is presumed innocent unless and until proven guilty in a court of law.

If convicted, he faces up to five years in federal prison.

The Federal Bureau of Investigation and the United States Secret Service conducted the investigation in partnership with the Romanian National Police and the Romanian Ministry of Justice’s Directorate for Investigation of Infractions of Organized Crime and Terrorism (DIICOT). The Justice Department’s Office of International Affairs was instrumental in the extradition. Assistant U.S. Attorney Sid Mody is prosecuting the case.


Erin Dooley
Press Officer

Updated March 4, 2022