24 May 2018

Russian speaking hacker arrested for stealing 8,000 USD per day leveraging mobile malware

Law enforcement, with support from Group-IB, one of the global leaders in preventing high-tech crimes and providing high-fidelity threat intelligence and anti-fraud solutions, has arrested a 32-year-old hacker, accused of stealing funds from Russian banks’ customers using Android Trojans. At the height of their activity, victims reportedly lost between 1,500 to 8,000 dollars daily and levered crypto currency for laundering.

Group-IB’s analysis reviewed the tools and techniques leveraged in the group’s attack revealing that the gang tricked customers of Russian banks into downloading malicious mobile applications “Banks at your fingertips”. The app claimed to be an aggregator of the country’s leading mobile banking systems and promised users a ‘one-click’ access to all bank cards to view balances, transfer money from card to card, and pay for online services. The app was first discovered in 2016 and was distributed through spam emails.

The criminal group’s approach was rather elementary: customers of banks downloaded the fake mobile app and entered their card details. The Trojan then sent bank card data or online banking credentials to the C&C server. Following this, the threat actor transferred 200-500 dollars at a time to previously activated bank accounts, and bypassed SMS confirmation codes which were intercepted from the victim’s phone. The victims were not aware of the transactions as all SMS confirmations of transactions were blocked.

The investigation by authorities identified a member of the criminal group, who was responsible for transferring money from user accounts to attacker’s cards, a 32 year old unemployed Russian national who had previous convictions connected to arms trafficking. During the suspects arrest in May 2018, authorities identified SIM cards and fraudulent bank cards to which stolen funds were transferred. The suspect has confessed to his actions and the investigation/ prosecution continues.

 

How Group-IB Threat Detection System (TDS) detects the infection by a mobile Trojan

How Group-IB Threat Detection System  (TDS) detects the infection by a mobile Trojan

Learn more about TDS

Group-IB is one of the leading providers of solutions dedicated to detecting and preventing cyberattacks, identifying online fraud, investigation of high-tech crimes and intellectual property protection, headquartered in Singapore. The company’s threat intelligence and research centers are located in the Middle East (Dubai), the Asia-Pacific (Singapore), Europe (Amsterdam), and Russia (Moscow).

Group-IB’s Threat Intelligence & Attribution system has been named one of the best in class by Gartner, Forrester, and IDC. Group-IB’s Threat Hunting Framework (earlier known as TDS) intended for the proactive search and the protection against complex and previously unknown cyberthreats has been recognized as one of the leaders in Network Detection and Response by the leading European analyst agency KuppingerCole Analysts AG, while Group-IB itself has been recognized as a Product Leader and Innovation Leader. Gartner identified Group-IB as a Representative Vendor in Online Fraud Detection for its Fraud Hunting Platform. In addition, Group-IB was granted Frost & Sullivan’s Innovation Excellence award for its Digital Risk Protection (DRP), an Al-driven platform for identifying and mitigating digital risks and counteracting brand impersonation attacks with the company’s patented technologies at its core.

Group-IB’s technological leadership and R&D capabilities are built on the company’s 18 years of hands-on experience in cybercrime investigations worldwide and 70,000 hours of cybersecurity incident response accumulated in our leading forensic laboratory, high-tech crime investigations department, and round-the-clock CERT-GIB. Group-IB is a partner of Europol.

Group-IB’s experience in threat hunting and cyber intelligence has been fused into an ecosystem of highly sophisticated software and hardware solutions designed to monitor, identify, and prevent cyberattacks. Group-IB’s mission is to fight high-tech crime while protecting our clients in cyberspace and helping them achieve their goals. To do so, we analyze cyber threats, develop our infrastructure to monitor them, respond to incidents, investigate complex high-tech crimes, and design unique technologies, solutions, and services to counteract adversaries.

Report an incident

Get 24/7 incident response assistance from our global team

APAC: +65 3159-3798
Europe: +31 20 226-90-90
EMA: +971 4 508 1605

Thank you for the inquiry! We will contact you soon.
Cookies

We use cookies on the website to make your browser experience more personal, convenient and secure. You may block or manage the use of cookies, however, in some cases they’re essential to make this site work properly. Learn more about cookies in Group-IB Privacy And Cookies Policy.

 
Report an incident