Mark Vartanyan, 29, developed and distributed the Citadel Trojan, which lets criminals steal bank account details and hold files to ransom.
US prosecutors said it had infected about 11 million computers worldwide.
He pleaded guilty to one count of computer fraud, in a court in Atlanta, after being extradited from Norway.
Launched in 2011, Citadel was marketed on invitation-only, Russian-language internet forums used by cybercriminals.
Its users had targeted the computer networks of major financial and government institutions around the world, prosecutors said.
'Illicit functionality'
Vartanyan admitted to the "development, improvement, maintenance and distribution" of Citadel between 2012 and 2014 while living in Ukraine and Norway.
Operating under the alias Kolypto, he uploaded "numerous electronic files" that consisted of Citadel malware, components, updates and patches, as well as customer information.
Earlier in March, David LeValley, special agent at the FBI Atlanta Office, said Vartanyan's arrest removed "a significant player" from the resources available to cybercriminals.
"We must continue to impose real costs on criminals who believe they are protected by geographic boundaries and can prey on the American people," he said.
Vartanyan agreed to cooperate with prosecutors in exchange for a reduced prison term. He will be sentenced in June.
In September 2015, a US court sentenced Russian citizen Dimitry Belorossov to four years and six months in prison after he admitted distributing and installing Citadel on to computers.
The Department of Justice said its investigation into the creator of Citadel continued.
More about: #cybersecurity