With the help of Android malware, Russian cyber criminals were able to steal from local bank customers and were planning to move their operation to the rest of Europe. Twenty people were arrested as law enforcement tried to kill off the “Cron” malware campaign.
Russian security firm Group IB writes that the raids also thwarted plans to take the malware campaign to other countries, including the UK, Germany, France, Turkey, Singapore, Australia, and the United States.
According to the Russian Interior Ministry, the hackers managed to steal about 50 million roubles, which equals close to $900,000. Compared to other similar campaigns, this is not the largest amount hackers have managed to steal, but it is a testament to the fact that the campaign was just getting started.
The raids took place in multiple regions, but it seems the leader of the group was a 30-year-old resident of Ivanovo.
How did the scam work?
According to Group IB, the attackers infected more than a million devices, with 3,500 new devices being added each day. The infection spread by pushing people to visit fake sites posing as the likes of PornHub, Navitel (navigation service), Framaroot (used to root Android devices), or Avito (advertising site in Russia). Text messages linking to compromised websites were also used for this scheme.
Once the victim was infected, the malware collected banking credentials and exploited the SMS banking services to steal people’s funds. The money was then transferred to over 6,000 accounts operated by the group’s members.