International cyber criminals hit bank customers:
International cyber criminals hit bank customers in a report. Russian international cyber criminals used malware planted. On Android mobile devices to steal from domestic bank customers. And were planning to target European lenders. Before their arrest, investigators and sources with knowledge of the case told Reuters. Their movement raised a relatively small sum. By cyber-crime standards. More than 50 million roubles ($892,000). But they had also obtained more sophisticated malicious software. For a modest monthly fee to go after the clients of banks in France. And probably a range of other western nations.
Russia’s relationship to international cyber crime is under intense scrutiny. “International cyber criminals hit bank customers”. After US intelligence officials alleged. That Russian hackers had tried to help Republican. Donald Trump win the US presidency by hacking Democratic Party servers. The Kremlin has repeatedly rejected the allegation.
How did international cyber criminals done it:
The gang members tricked the Russian banks’ customers into downloading malware. Via fake mobile banking applications. As well as through the medium of pornography. And e-commerce programmes, according. To a report compiled by cyber security firm Group-IB. Which investigated the attack with the Russian Interior Ministry.
16 suspects were arrested by Russian law enforcement authorities in November last year. Infected more than a million smartphones in Russia. On average compromising 3,500 devices a day, Group-IB said. The hackers targeted customers of state lender Sberbank. And also stole cash from accounts at Alfa Bank & online payments company. Qiwi, exploiting weaknesses. In the companies SMS text message transmission services, said (2) people with direct knowledge of the case.
Plan of international cyber criminals:
International cyber criminals hit bank customers. Although operating only in Russia before their arrest. They had developed plans to target large European banks. Including French lenders Credit Agricole. BNP Paribas and Societe Generale, Group-IB said. A BNP Paribas spokeswoman said the bank could not confirm this information. But added that it “has a significant set of measures in place. Aimed at fighting cyber attacks on a daily basis”. Societe Generale & Credit Agricole refused comment.
The gang, which was called “Cron” after the malware it used. Did not steal any funds from customers of the three French banks. However. It exploited the bank service in Russia that allows users to transfer small sums. To other accounts by sending an SMS message.
Way of Attack:
International cyber criminals hit bank customers through fake SMS. Having infected the users’ phones, the gang sent SMS messages from those devices. Instructing the banks to transfer money to the hackers’ personal accounts. The findings illustrate the threats of using SMS messages for mobile banking. A method favoured in emerging countries. With less advanced internet infrastructure, said Lukas Stefanko. A malware researcher at cyber security firm ESET in Slovakia.
“It’s becoming popular among developing nations or in the countryside. Where access to conventional banking is painful for people,” he said “. For them it is quick, easy and they don’t need to visit a bank. But security always has to outweigh consumer convenience”.
The Russian Interior Ministry said a number of people had been arrested. Including what it described as the gang chief. This was a 30-year-old man living in Ivanovo, an industrial city 300 km (185 miles) northeast of Moscow. From where he had commanded a team of 20 people across six different regions.
Statment of Government:
Four people remain in detention. While the others are under house arrest. The ministry said in a statement. “In the course of 20 searches across six regions. Police seized computers, hundreds of bank cards. And SIM cards registered beneath bogus names,” it said.
Group-IB said the existence of the Cron malware. Was first detected in mid-2015. And by the time of the arrests. The hackers had been using it for under a year. The root members of the group were detained on Nov. 22 last year in Ivanovo. Photographs of the operation released by Group-IB showed one fishy face down. In the snow as police in ski masks shackled him. The “Cron” hackers were arrested before. They could mount attacks outside Russia. But plans to do. That were at an advanced stage, said the investigators.
Group-IB said that in June 2016 they had rented a piece of malware. Designed to attack mobile banking systems, called “Tiny.z” for $2,000 a month. The creators of the “Tiny.z” malware had adapted it to attack banks. In Britain, Germany, France, the United States and Turkey, among other countries. The “Cron” gang developed software designed. To attack lenders including the three French companies. It said, adding it had notified these & other European banks at risk.
Cyber criminals are working against Sberbank:
A spokeswoman for Sberbank said. She had no information about the group involved. However, she said: “Several groups of cyber criminals are working across Sberbank. The number of groups and the methods they use to attack us change constantly”. “It isn’t clear which specific group is being referred to here. Because the fraudulent scheme. Involving Android OS (operating system) viruses is widespread in Russia. And Sberbank has effectively combated it for an extensive period of time.”Alfa Bank did not arrange a comment. Qiwi did not respond to multiple requests for comment.
Google, the maker of Android, has taken steps in recent years to protect users from downloading malicious code. And by blocking apps which are troubled, impersonate legitimate companies or engage in ambiguous behaviours. A Google spokesman said: “We’ve tracked this malware family (international cyber) for a few years. And will continue to take action on its variants to protect our users”.
International cyber criminals hit bank customers through fake apps:
The Russian authorities, bombarded. With allegations of state-sponsored hacking, are keen. To show Russia too is a frequent victim of cyber crime. And that they are working hard to combat it. The interior and emergencies ministries, as well as Sber bank, said. They were targeted in a global cyber attack earlier this month.
International cyber criminals hit bank customers through fake apps. Since the allegations about the US election hacking. Further evidence has emerged of what some Western officials. Say is a symbiotic relationship between international cyber criminals and Russian authorities. With hackers allowed to attack foreign targets. With impunity in return for cooperating with the security services. Moscow clamps down on those operating at home. The success of the Cron gang was facilitated by the popularity of SMS-banking services in Russia. Said Dmitry Volkov, head of investigations at Group-IB.
Hackers also inserted malwar:
The gang got their malware on to victims’ devices. By setting up applications designed to mimic banks’ actual apps. International cyber criminals hit bank customers through malware. When users searched online, the results would suggest the fake app. Which they would then download. The hackers also inserted malware into fake mobile apps for well-known pornography sites.
After infecting a customer’s phone. The hackers were able to send a text message. To the bank initiating a transfer of up to $120 to one of 6,000 bank accounts. Set up to receive the fraudulent payments. The malware would then intercept a confirmation code sent by the bank. And block the victim from receiving a message notifying. Them about the transaction.
“Cron’s success was due to two main factors,” Volkov said. “First, the large-scale use of partner programs to distribute the malware in various ways. 2nd, the automation of many (mobile) functions. Which allowed them to carry out the thefts without direct involvement”.