Court documents unsealed this week revealed that a fourth member of the cyber-criminal gang known as FIN7 was arrested in Thailand and extradited to Seattle to face justice in the United States last week. Denys Iarmak, also known by his alias “GakTus,” is alleged to have been a hacker who participated in the compromise of computers used to operate point-of-sale cash registers at hotels, restaurants and other businesses across the United States. The criminal group coordinated their efforts to steal millions of payment card records, and then profited by selling access to the details needed to make clones of the credit cards on underground marketplaces including “Joker’s Stash,” one of the largest so-called “carding shops” on the Internet. Nearly all of FIN7’s computer intrusions used phishing email messages and phone calls to convince employees of targeted companies to open a document or spreadsheet file, which would install malware. At the time that each malicious document was sent, the malware was deliberately altered so that it would not be detected by any anti-virus program. The unsealed indictment alleges that Iarmak was responsible for making sure the malware was undetectable by anti-virus, along with sending phishing emails and other tasks. Iarmak joins fellow FIN7 conspirators Fedir Hladyr, Dmytro Fedorov and Andrii Kolpakov in the US criminal justice system. According to the indictment, however, there are still more members of the criminal group who are being investigated and remain very active in targeting US companies.