Russian Cyber Gang Arrested By …. Russia

The Russian Interior Ministry has announced the arrest of 20 individuals from a major cybercriminal gang that had stolen nearly $900,000 from bank accounts after infecting over one million Android smartphones with a mobile Trojan called "CronBot."

Russian Interior Ministry representative Rina Wolf said the arrests were part of a joint effort with Russian IT security firm Group-IB that assisted the massive investigation.

The collaboration resulted in the arrest of 16 members of the Cron group in November 2016, while the last active members were apprehended in April 2017, all living in the Russian regions of Ivanovo, Moscow, Rostov, Chelyabinsk, and Yaroslavl and the Republic of Mari El.

The Cron malware gang abused the popularity of SMS-banking services and distributed the malware onto victims' Android devices by setting up apps designed to mimic banks' official apps. The gang even inserted the malware into fake mobile apps for popular pornography websites, such as PornHub.

Once victims downloaded and installed these fake apps on their devices, the apps added itself to the auto-start and the malware hidden inside them granted the hackers the ability to phish victims’ banking credentials and intercept SMS messages containing confirmation codes sent by the bank to verify the transactions.

"After installation, the program added itself to the auto-start and could send SMS messages to the phone numbers indicated by the criminals, upload SMS messages received by the victim to C&C servers, and hide SMS messages coming from the bank," writes Group-IB.

"The approach was rather simple: after a victim’s phone got infected, the Trojan could automatically transfer money from the user’s bank account to accounts controlled by the intruders. To successfully withdraw stolen money, the hackers opened more than 6 thousand bank accounts."

The gang usually sent text messages to the banks initiating a transfer of up to $120 to one of their 6,000 bank accounts the group set up to receive the fraudulent payments.

On April 1, 2016, the gang advertised its Android banking Trojan, dubbed "Cron Bot," on a Russian-speaking forum, giving the Group-IB researchers and Russian authorities a clue to their investigation into the group's operation.

After targeting customers of the Bank in Russia, where they were living in, the Cron gang planned to expand its operation by targeting customers of banks in various countries, including the US, the UK, Germany, France, Turkey, Singapore, and Australia.

During the raids, the authorities seized computer equipment, bank cards, and SIM cards associated with the criminal gang.

HackerNews:

You Might Also Read:

Thieves Drain Protected Bank Accounts:

The Shocking State of Cybercrime in Russia:

Android Banking Trojan Xbot Is Also Ransomware:

 

 

« Workers' Rights v. Robot Jobs
How Cybersecurity Benefits from Hackers »

CyberSecurity Jobsite
Check Point

Directory of Suppliers

Tines

Tines

The Tines security automation platform helps security teams automate manual tasks, making them more effective and efficient.

TÜV SÜD Academy UK

TÜV SÜD Academy UK

TÜV SÜD offers expert-led cybersecurity training to help organisations safeguard their operations and data.

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

NQA Certification

NQA Certification

NQA provides certification to a range of ISO standards including ISO 27001 for information security management.

StickyMinds

StickyMinds

StickyMinds is the web's first interactive testing community exclusively engaged in improving software quality throughout the software development lifecycle.

Continuum

Continuum

Continuum is the IT management platform company that allows Managed IT Services Providers to maintain and back up on-premise and cloud-based servers, desktops, mobile devices and other endpoints

Data Shepherd

Data Shepherd

Data Shepherds primary focus is to protect your business. We achieve this by offering extensive and unique expertise in innovative IT and Cyber security solutions.

Elemendar

Elemendar

Elemendar Artificial Intelligence reads cyber threat reports written by humans and translates them into industry-standard, machine-readable and machine-actionable data.

Leadcomm

Leadcomm

Leadcomm is a Brazilian company focused on the distribution and integration of IT systems and security solutions for large companies.

Cybeats Technologies

Cybeats Technologies

Cybeats delivers an integrated security platform designed to secure and protect high-valued connected devices.

Open Systems

Open Systems

Open Systems is a Secure Access Service Edge (SASE) pioneer delivering a complete solution to network and security.

Stone Forest IT (SFIT)

Stone Forest IT (SFIT)

Stone Forest IT specialises in providing advisory, implementation and managed services for IT infrastructure, IT security solutions, business applications (ERP and CRM) and business analytical tools.

Pathlock

Pathlock

Pathlock (formerly Greenlight) help enterprises and organizations automate the enforcement of any process, access, or IT general control, for any business application.

Krista Software

Krista Software

Krista is an intelligent automation platform that combines iPaaS and Conversational AI to automate complete business processes across your teams and apps.

Luta Security

Luta Security

Luta Security implements a holistic approach to advance the security maturity of governments and organizations around the world.

Data Defenders

Data Defenders

Data Defenders provide information security technology solutions that empower consumers, businesses and governments with safe and secure IT and cybersecurity infrastructures.

Anura

Anura

The world’s most accurate ad fraud solution protects your web assets by eliminating bots, malware and human fraud, ensuring your content is seen by real people.

Transcendental Technologies

Transcendental Technologies

Transcendental is a consulting organization which specializes in customized assurance services in the fields of Localization, Mobile Software Solutions, Web Design, Cyber Security & Cyber Forensics.

ZehnTek

ZehnTek

ZehnTek is a premier technology solutions provider, committed to offering comprehensive IT services tailored to meet the diverse needs of businesses.