Russian Police Arrest Eight In Bank Malware Scheme

Notorious cybercriminal gang used the Carberp and RDP-door Trojans to snare victims

Dark Reading Staff, Dark Reading

March 20, 2012

2 Min Read
Dark Reading logo in a gray background | Dark Reading

Law enforcement officials in Russia have arrested eight men suspected of being involved in a massive scheme using the notorious Carberp Trojan.

The men were arrested after a joint investigation by the Russian Ministry of Internal Affairs (MVD) and Federal Security Service (FSB). According to the MVD, the investigation found that two brothers were the ringleaders of the gang, and developed a plan to steal money from the accounts of online banking customers.

Estimates on how much the gang stole vary. The MVD said the gang is suspected of stealing as much as 60 million rubles (roughly $2 million), but an estimate from Russian security firm Group-IB put the amount at more than twice that in the last quarter.

The gang used the Carberp and RDP-door Trojans to snare victims. Carberp is a well-known Trojan that was recently seen on Facebook as part of a scam where attackers notify Facebook users that their accounts are temporarily locked. All they had to do to get them back was provide their first and last names, email addresses, dates of birth, passwords, and a 20-euro Ukash voucher.

In this case, the goal is to grab the victim's banking information. Once the victim's computer was infected, the attackers would target their banking credentials. With the credentials in tow, the gang sent orders to transfer funds from client bank accounts to accounts under their control, and then made off with the money, the ministry said.

Police investigators were assisted in the case by Group-IB, which noted that the gang hacked popular websites -- including media sites and online stores -- and infected them with malware in order to hit Web surfers with drive-by downloads. According to the firm, the stolen funds were cashed via bank cards, and the gang even went so far as to open an office under the guise of a data recovery company.

"Our experts did an enormous amount of work, which resulted in identifying the head of this criminal group, the owner and operator of a specialized banking botnet, identifying the control servers, and identifying the directing of traffic from popular websites in order to spread malware infection," Group-IB CEO Ilya Sachkov said in a statement.

In addition to bank fraud, the gang was also involved in distributed denial-of-service attacks, the security firm found.

Have a comment on this story? Please click "Add Your Comment" below. If you'd like to contact Dark Reading's editors directly, send us a message.

Read more about:

2012

About the Author

Dark Reading Staff

Dark Reading

Dark Reading is a leading cybersecurity media site.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like


More Insights