Russian Cyber Gang Arrested By …. Russia

Uploaded on 2017-06-06 in INTELLIGENCE-Hot Spots-Russia, GOVERNMENT-Law Enforcement, FREE TO VIEW, BUSINESS-Services-IT & Telecoms, TECHNOLOGY--Hackers

The Russian Interior Ministry has announced the arrest of 20 individuals from a major cybercriminal gang that had stolen nearly $900,000 from bank accounts after infecting over one million Android smartphones with a mobile Trojan called "CronBot."

Russian Interior Ministry representative Rina Wolf said the arrests were part of a joint effort with Russian IT security firm Group-IB that assisted the massive investigation.

The collaboration resulted in the arrest of 16 members of the Cron group in November 2016, while the last active members were apprehended in April 2017, all living in the Russian regions of Ivanovo, Moscow, Rostov, Chelyabinsk, and Yaroslavl and the Republic of Mari El.

The Cron malware gang abused the popularity of SMS-banking services and distributed the malware onto victims' Android devices by setting up apps designed to mimic banks' official apps. The gang even inserted the malware into fake mobile apps for popular pornography websites, such as PornHub.

Once victims downloaded and installed these fake apps on their devices, the apps added itself to the auto-start and the malware hidden inside them granted the hackers the ability to phish victims’ banking credentials and intercept SMS messages containing confirmation codes sent by the bank to verify the transactions.

"After installation, the program added itself to the auto-start and could send SMS messages to the phone numbers indicated by the criminals, upload SMS messages received by the victim to C&C servers, and hide SMS messages coming from the bank," writes Group-IB.

"The approach was rather simple: after a victim’s phone got infected, the Trojan could automatically transfer money from the user’s bank account to accounts controlled by the intruders. To successfully withdraw stolen money, the hackers opened more than 6 thousand bank accounts."

The gang usually sent text messages to the banks initiating a transfer of up to $120 to one of their 6,000 bank accounts the group set up to receive the fraudulent payments.

On April 1, 2016, the gang advertised its Android banking Trojan, dubbed "Cron Bot," on a Russian-speaking forum, giving the Group-IB researchers and Russian authorities a clue to their investigation into the group's operation.

After targeting customers of the Bank in Russia, where they were living in, the Cron gang planned to expand its operation by targeting customers of banks in various countries, including the US, the UK, Germany, France, Turkey, Singapore, and Australia.

During the raids, the authorities seized computer equipment, bank cards, and SIM cards associated with the criminal gang.

HackerNews:

You Might Also Read:

Thieves Drain Protected Bank Accounts:

The Shocking State of Cybercrime in Russia:

Android Banking Trojan Xbot Is Also Ransomware:

 

 

« Workers' Rights v. Robot Jobs
How Cybersecurity Benefits from Hackers »

CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

Cyber Security Centre - University of Hertfordshire

Cyber Security Centre - University of Hertfordshire

The Cyber Security Centre provides training, teaching and research in the fast paced topics of cyber security and digital forensics.

IntaForensics

IntaForensics

IntaForensics offer a full range of digital investigation services and are able to adapt to the individual needs of solicitors, private clients, Law Enforcement Agencies and commercial businesses.

Deep Identity

Deep Identity

Deep Identity is a boutique system integrator, with expertise in tailored identity governance & administration (IGA) and identity access management (IAM) solutions.

AGAT Software

AGAT Software

AGAT Software is an innovative security provider specializing in external access authentication and data protection solutions.

IQ Solutions

IQ Solutions

IQ Solutions is a Digital Integrator and an ICT Services Provider, focusing on innovative Cyber Secured ICT managed solutions tailored to the needs of the Maritime Industry.

ECOLUX

ECOLUX

ECOLUX is a professional IoT security service company committed to developing world-leading “IoT Lifecycle Security” technologies and products.

SilverSky

SilverSky

SilverSky offers a comprehensive suite of products and services that deliver unprecedented simplicity and expertise for compliance and cybersecurity programs.

IntelliGenesis

IntelliGenesis

IntelliGenesis provide comprehensive cyber, data science, analysis, and software development services that provide tailored, secure solutions for your critical data and intelligence needs.

Toothpic

Toothpic

ToothPic has invented, designed, developed and patented a solution to enable companies to turn every smartphone into a secure key for a user-friendly online authentication.

Eastern Cyber Resilience Centre (ECRC)

Eastern Cyber Resilience Centre (ECRC)

The Eastern Cyber Resilience Centre is part of the national roll out of Cyber Resilience Centres in the UK which began in 2019.

Zyston

Zyston

Zyston's solutions provide end-to-end management of your cybersecurity needs. Our range of services help protect your business where it needs it the most.

Skillfield

Skillfield

Skillfield is a Melbourne based Cyber Security and Data Services consultancy and professional services company.

Seers

Seers

Seers is the world’s leading privacy & consent management platform for companies worldwide. Trusted by over 50,000+ businesses.

Ryan Financial Lines

Ryan Financial Lines

Ryan Financial Lines Cyber provides risk transfer solutions for complex cyber and technology exposures, globally.

INT3L

INT3L

The INT3L group (formerly Defentek) is a provider of national security and intelligence solutions, systems and services.

RevEng.AI

RevEng.AI

RevEng.AI is designed to rigorously validate the integrity of software supply chains at a binary level, ensuring uncompromising security and trustworthiness in digital ecosystems.