Russian Cyber Gang Arrested By …. Russia

Uploaded on 2017-06-06 in INTELLIGENCE-Hot Spots-Russia, GOVERNMENT-Law Enforcement, FREE TO VIEW, BUSINESS-Services-IT & Telecoms, TECHNOLOGY--Hackers

The Russian Interior Ministry has announced the arrest of 20 individuals from a major cybercriminal gang that had stolen nearly $900,000 from bank accounts after infecting over one million Android smartphones with a mobile Trojan called "CronBot."

Russian Interior Ministry representative Rina Wolf said the arrests were part of a joint effort with Russian IT security firm Group-IB that assisted the massive investigation.

The collaboration resulted in the arrest of 16 members of the Cron group in November 2016, while the last active members were apprehended in April 2017, all living in the Russian regions of Ivanovo, Moscow, Rostov, Chelyabinsk, and Yaroslavl and the Republic of Mari El.

The Cron malware gang abused the popularity of SMS-banking services and distributed the malware onto victims' Android devices by setting up apps designed to mimic banks' official apps. The gang even inserted the malware into fake mobile apps for popular pornography websites, such as PornHub.

Once victims downloaded and installed these fake apps on their devices, the apps added itself to the auto-start and the malware hidden inside them granted the hackers the ability to phish victims’ banking credentials and intercept SMS messages containing confirmation codes sent by the bank to verify the transactions.

"After installation, the program added itself to the auto-start and could send SMS messages to the phone numbers indicated by the criminals, upload SMS messages received by the victim to C&C servers, and hide SMS messages coming from the bank," writes Group-IB.

"The approach was rather simple: after a victim’s phone got infected, the Trojan could automatically transfer money from the user’s bank account to accounts controlled by the intruders. To successfully withdraw stolen money, the hackers opened more than 6 thousand bank accounts."

The gang usually sent text messages to the banks initiating a transfer of up to $120 to one of their 6,000 bank accounts the group set up to receive the fraudulent payments.

On April 1, 2016, the gang advertised its Android banking Trojan, dubbed "Cron Bot," on a Russian-speaking forum, giving the Group-IB researchers and Russian authorities a clue to their investigation into the group's operation.

After targeting customers of the Bank in Russia, where they were living in, the Cron gang planned to expand its operation by targeting customers of banks in various countries, including the US, the UK, Germany, France, Turkey, Singapore, and Australia.

During the raids, the authorities seized computer equipment, bank cards, and SIM cards associated with the criminal gang.

HackerNews:

You Might Also Read:

Thieves Drain Protected Bank Accounts:

The Shocking State of Cybercrime in Russia:

Android Banking Trojan Xbot Is Also Ransomware:

 

 

« Workers' Rights v. Robot Jobs
How Cybersecurity Benefits from Hackers »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

Asavie

Asavie

Asavie provide solutions for Enterprise Mobility Management and secure IoT Connectivity.

itWatch

itWatch

itWatch is focused on data loss prevention (DLP), endpoint security, mobile security, encryption, and cost reducing solutions for IT operations.

Lawley Insurance

Lawley Insurance

Lawley is a full-service, independent insurance agency. Specialty insurance products include Cyber Security.

Bufferzone Security

Bufferzone Security

Bufferzone is a patented containment solution that defends endpoints against advanced malware and zero-day attacks while maximizing user and IT productivity.

Mako Networks

Mako Networks

The Mako System is an award winning networking and security service designed specifically for SMEs and branch offices of larger organisations.

Swiss Accreditation Service (SAS)

Swiss Accreditation Service (SAS)

SAS is the national accreditation body for Switzerland. The directory of members provides details of organisations offering certification services for ISO 27001.

Infosec Partners

Infosec Partners

Whether you’re looking for complete managed security or an on-call expert advisor, we offer a range of managed security services to complement your internal team or primary outsource partner.

Sonrai Security

Sonrai Security

Sonrai Security delivers an enterprise security platform focused on identity and data protection inside AWS, Azure, and Google Cloud.

Toka Group

Toka Group

Toka empowers government agencies with critical and previously out-of-reach digital forensics, force protection and Intelligence capabilities, tackling the fields' most pressing challenges.

Accops Systems

Accops Systems

Accops enables secure and instant remote access to business applications from any device and network, ensuring compliant enterprise mobility.

Tailscale

Tailscale

Tailscale is a VPN service that makes the devices and applications you own accessible anywhere in the world, securely and effortlessly.

Avocado Consulting

Avocado Consulting

Avocado helps clients deliver with certainty on their complex IT change, with technology services that automate, monitor and optimise.

Datapac

Datapac

Datapac is one of Ireland’s largest and most successful ICT solutions and services providers. We have been at the forefront of technology innovation in Ireland for the past three decades.

VAST Data

VAST Data

The VAST Data Platform delivers scalable performance, radically simple data management and enhanced productivity for the AI-powered world.

Velaspan

Velaspan

Velaspan design, deploy, and manage enterprise wireless networks and cybersecurity solutions for leading businesses and brands.

A&O Shearman

A&O Shearman

A&O Shearman is a law firm at the forefront of the forces changing the current of global business: energy transition, life sciences, technology, private capital, finance and beyond.