Russian Cyber Gang Arrested By …. Russia

The Russian Interior Ministry has announced the arrest of 20 individuals from a major cybercriminal gang that had stolen nearly $900,000 from bank accounts after infecting over one million Android smartphones with a mobile Trojan called "CronBot."

Russian Interior Ministry representative Rina Wolf said the arrests were part of a joint effort with Russian IT security firm Group-IB that assisted the massive investigation.

The collaboration resulted in the arrest of 16 members of the Cron group in November 2016, while the last active members were apprehended in April 2017, all living in the Russian regions of Ivanovo, Moscow, Rostov, Chelyabinsk, and Yaroslavl and the Republic of Mari El.

The Cron malware gang abused the popularity of SMS-banking services and distributed the malware onto victims' Android devices by setting up apps designed to mimic banks' official apps. The gang even inserted the malware into fake mobile apps for popular pornography websites, such as PornHub.

Once victims downloaded and installed these fake apps on their devices, the apps added itself to the auto-start and the malware hidden inside them granted the hackers the ability to phish victims’ banking credentials and intercept SMS messages containing confirmation codes sent by the bank to verify the transactions.

"After installation, the program added itself to the auto-start and could send SMS messages to the phone numbers indicated by the criminals, upload SMS messages received by the victim to C&C servers, and hide SMS messages coming from the bank," writes Group-IB.

"The approach was rather simple: after a victim’s phone got infected, the Trojan could automatically transfer money from the user’s bank account to accounts controlled by the intruders. To successfully withdraw stolen money, the hackers opened more than 6 thousand bank accounts."

The gang usually sent text messages to the banks initiating a transfer of up to $120 to one of their 6,000 bank accounts the group set up to receive the fraudulent payments.

On April 1, 2016, the gang advertised its Android banking Trojan, dubbed "Cron Bot," on a Russian-speaking forum, giving the Group-IB researchers and Russian authorities a clue to their investigation into the group's operation.

After targeting customers of the Bank in Russia, where they were living in, the Cron gang planned to expand its operation by targeting customers of banks in various countries, including the US, the UK, Germany, France, Turkey, Singapore, and Australia.

During the raids, the authorities seized computer equipment, bank cards, and SIM cards associated with the criminal gang.

HackerNews:

You Might Also Read:

Thieves Drain Protected Bank Accounts:

The Shocking State of Cybercrime in Russia:

Android Banking Trojan Xbot Is Also Ransomware:

 

 

« Workers' Rights v. Robot Jobs
How Cybersecurity Benefits from Hackers »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

Swivel Secure

Swivel Secure

Swivel Secure is an award winning provider of multi-factor authentication solutions.

CertiKit

CertiKit

CertiKit produce toolkit products that accelerate the adoption of ISO/IEC standards, including ISO 27001, helping organizations all over the world to realize the benefits as soon as possible.

HUB International

HUB International

HUB is one of the largest insurance brokers in the world. HUB Risk Services provides the full range of expert consulting to identify risks, reduce exposure to loss and manage claims issues.

Fidelis Security

Fidelis Security

Fidelis Security is a leading provider of extended threat detection and response (XDR) solutions for your security operations.

Menlo Security

Menlo Security

Menlo Security protects organizations from cyberattacks by eliminating the threat of malware from the web, documents, and email.

Early Warning Services

Early Warning Services

Early Warning Services identity, authentication and payment solutions empower financial institutions to make confident decisions, enable payments and mitigate fraud.

Momentum Cyber

Momentum Cyber

Momentum Cyber provides world-class M&A and strategic advice combined with unparalleled senior-level access to the Cybersecurity ecosystem.

C2A Security

C2A Security

C2A Security offers a comprehensive suite of cyber security solutions for the automotive industry, providing in-vehicle end-to-end protection.

u-blox

u-blox

u-blox deliver leading wireless technology to reliably and securely locate and connect people and devices.

Ultratec

Ultratec

Ultratec provide a range of data centric services and solutions including data recovery, data erasure, data destruction and full IT Asset Disposal (ITAD).

Billington CyberSecurity

Billington CyberSecurity

Billington CyberSecurity is a leading, independent education company with an exclusive focus on cybersecurity.

Trustify

Trustify

Trustify is a Managed Security Service Provider offering a suite of world-class Cyber Risk Management services.

Swiss Cyber Forum (SCF)

Swiss Cyber Forum (SCF)

The Swiss Cyber Forum (SCF) builds competences and helps its members to mitigate the cyber risks associated with digitalisation.

Island

Island

Island puts the enterprise in complete control of the browser, delivering a level of governance, visibility, and productivity that simply weren’t possible before.

Cynical Technology

Cynical Technology

Cynical Technology is a Nepalese cybersecurity company with expertise in security consulting, auditing, testing and compliance.

US Cyber Games

US Cyber Games

US Cyber Games is committed to inform and inspire the broader community on ways to develop tomorrow’s cybersecurity workforce.