Five men have been arrested by the Russian police in connection with an attempt to hack online bank accounts of customers using a Trojan Android malware.
The gang, according to police, confessed to the crime and admitted to having stolen about 50 million rubles (which is about US $930,000). Amongst the men arrested is a 25-year-old expert who has been identified as the person behind Svpeng banking malware.
Russian investigators said that the malware was first distributed via SMS messages containing a link to a booby-trapped version of the popular Adobe Flash Player.
Once installed, the Svpeng Android malware performs several dirty tricks. First, it can display a fake login page for banks, with fields for entering banking login details and passwords. The hackers can then use that information to transfer money from the victim’s account to one under their control via SMS banking services. The malware is advanced enough to intercept any messages sent by the victim’s bank to the compromised Android smartphone, so it can also grab the transfer confirmation code without the victim’s knowledge.
A report in Forbes said that the malware could have targeted not just banks in Ukraine and Russia, but also the apps of Western banks such as Citibank and Wells Fargo.
What makes the malware so believable is that it displayed bogus official-looking “warnings” on victims’ Android phones or tablets, claiming to be FBI notifications that the phone had been “locked” because the device had been used to visit pornographic sites. The fake ransomware warnings even demanded a $200 penalty before the authorities would supposedly unlock the device again.
Group-IB, a security firm that has been helping the authorities in the case, said that the Svpeng trojan can also fool users into entering their credit card details into a phishing window instead of the real Google Play interface used for making app purchases. Once the stolen information is in their hands, the criminals can easily get access to the victim’s account and fill their pockets.
The Russian home ministry confirmed that the arrests were made a few weeks back but did not give the exact date on which the gang members were apprehended. Some reports suggest that police arrested them as early as March 24th. Russian media reports said that computers, phones, credit cards and other hi-tech equipment were seized from the suspects’ houses. In addition, their “Fifth Reich” admin console, which they used to manage victims’ accounts, was also uncovered.
The admin console, replete with Nazi symbols, gave the hackers direct access to statistics on how many devices had been compromised and where they were located, helping them decide when to strike.