Romanian Duo Convicted of Malware, Cryptojacking Scheme That Infected 400,000 Computers

Francisco Memoria

The US Department of Justice has recently announced that two Romanian cybercriminals have been convicted of 21 counts after infecting 400,000 individual computers with malware to mine cryptocurrency and steal users’ data.

The announcement notes that Bogdan Nicolescu, 36, and Radu Miclaus, 37, pleaded guilty to the charges and ran their operation from Bucharest, Romania. It started in 2007 with the creation of proprietary malware that would be installed on victims’ devices when they clicked a specific file.

Initially, the group used emails posing as legitimate organizations to get victims to click on an attached file. They then harvested email addresses from the infected devices to send more malicious emails.

Moreover, when victims visited websites like Facebook and PayPal, the cybercriminals redirected them to identical websites that would steal their data once it was entered. Financial data would be used to steal victims’ funds, while other data would then be sold on the dark web.

The Romanian duo also used the funds to pay for Virtual Private Networks (VPNs), which helped them remain anonymous. The operation later saw them post fraudulent listings to websites like eBay to get users to click on a file infected with malware.

Overall, the operation netted the two cybercriminals millions of dollars. They’re set to be sentenced on August 14. The DOJ’s announcement comes after Romania extradited scammers to the US over a cryptocurrency-related scheme.