Citadel is a piece of massively-distributed malware based upon Zeus.
[1] It targets credentials stored in password managers such as Keepass, Password Safe and neXus Personal Security Client.
[2] By 2017 (it was first identified in 2011)[3] Citadel had infected about 11 million computers worldwide and had caused over $500 million in losses.
[4] On March 20, 2017, having been extradited from Norway to the United States, a Russian computer science professional Mark Vartanyan pleaded guilty to a computer fraud charge for his part in developing the Control Panel for Citadel.
In July 2017, he was sentenced to 5 years in federal prison.