In 2009, a new banking Trojan known as SpyEye emerged, retailing for $500 on Russian underground forums. Like Zeus, SpyEye is designed to steal customer credentials and initiate transactions when a victim logs onto his/her bank account. A variant of SpyEye discovered in 2012 was able to modify displays of bank statements and balances. Newer variants of Zeus and SpyEye, generally with increasing levels of sophistication, continue to emerge in response to improvements in security defenses. In May 2013, the alleged developer and controller of SpyEye, Hamza Bendelladj, an Algerian hacker, was extradited from Thailand to the U.S. and charged with numerous count of fraud.
One of the SpyEye command and control servers sited in Atlanta, Georgia (U.S.A.) allegedly contained information from 253 different financial institutions.