Russian cybercriminals used malicious software planted on Android mobile devices to fly to customers of the national bank and planned to target European lenders before their arrest, investigators and sources with knowledge of the case To Reuters.
Their campaign raised a relatively small sum by cybercrime standards – more than 50 million rubles ($ 892,000) – but they had also obtained more sophisticated malware for a modest monthly fee to go after customers of Banks in France and possibly a series of other Western countries.
Russia's relationship to cybercrime is scrutinized after US intelligence officials alleged that Russian pirates had tried to help the Republican Donald Trump to win the US presidency by pirating Democratic Party servers. The Kremlin has repeatedly denied the allegation.
Band members deceived customers of Russian banks by downloading malware via fake mobile banking applications, as well as pornography and e-commerce programs, according to a report compiled by the cyber security group Group -IB which investigated the attack with the Russian Ministry of Interior.
Criminals – 16 suspects were arrested by Russian authorities in November last year – infected more than one million smartphones in Russia, which compromised an average of 3,500 devices a day, According to Group IB.
The hackers targeted customers of the state lender Sberbank and also stole money from accounts at Alfa Bank and the online payment company Qiwi, exploiting the weaknesses of message transfer services SMS companies, said two people with direct knowledge of the case.
Although they only operate in Russia before their arrest, they have drawn up plans to target large European banks, including French lenders, Crédit Agricole, BNP Paribas and Société Générale, group IB. A BNP Paribas spokeswoman said the bank could not confirm this information but added that it "has put in place a significant set of measures to fight cyber attacks daily". Societe General and Credit Agricole refused to comment.
The gang, named "Cron" after the malware used, did not steal funds from customers of the three French banks. However, it has operated banking service in Russia which allows users to transfer small amounts to other accounts by sending an SMS message.
After infecting users' phones, the tape sent SMS messages from these devices that asked banks to transfer money to hacker accounts.
The results illustrate the dangers of using SMS messages for mobile banking, a favored method in emerging countries with less advanced internet infrastructure, said Lukas Stefanko, a malware researcher from the company ESET computer security in Slovakia.
"It is becoming popular among developing countries or in the countryside where access to conventional banking is difficult for people," he said. "For them, it 's fast, easy and they do not need to visit a bank … But security must always prevail over consumer convenience.