Posted on May 23, 2017 at 6:38 PM

Another cyber attack has been discovered, this one involving cyber criminals who used malware to steal from banks via Android phones. The hackers were targeting domestic banks, but they were also planning to attack several European lenders before they were caught, investigators claim.

So far, the criminals have managed to steal around 50 million rubles, which is around $892,000. This is far less than cyber criminals usually manage to get away with, but this is not all. They’ve also managed to get their hands on some of the more sophisticated malware for a small fee, and they’re using it to attack clients of several banks from France, and perhaps other Western nations as well.

Ever since Russian hackers were accused of being responsible for interfering with the US elections, Russia’s relationship with cyber crime has been inspected in detail. Despite all of this, the Kremlin has repeatedly denied the allegations.

The current attacks are being performed by tricking the bank’s customers into downloading malware that poses as a banking app. The same malware was also downloaded via e-commerce programs, as well as pornography. Sixteen suspects were arrested last November, and it would seem that prior to the arrest, they managed to infect over a million smartphones in Russia alone.

They mostly seemed to target Sberbank’s customers, but they also robbed Alfa Bank accounts, as well as the online payments firm Qiwi. This was done by exploiting several weaknesses in the companies’ text message transfer services.

Although the hackers only operated within Russia, it was also discovered that they had plans to target European banks, including the French banks Credit Agricole, Societe Generale, and BNP Paribas. BNP Paribas refused to confirm any of this, but its spokesperson stated that measures have been taken to prevent such attacks.

The hacker group called itself ‘Cron’, and as far as is known, they didn’t manage to steal anything from these three banks. They still managed to rob Russian banks and steal small sums via SMS messages. They would infect a user’s phone and send instructions to the bank to transfer funds to an account controlled by the hackers. This shows how dangerous mobile banking can be if the internet infrastructure isn’t advanced enough.

The Russian Interior Ministry has stated that the leader of the gang was arrested as well and that he’s a 30-year-old who lived in Ivanovo, from where he commanded his team. Four people are kept in detention, and the rest of them are under house arrest.

The existence of the malware that the group used was detected back in 2015, and the hackers had been using it for almost a year at the time of the arrest.

After the arrest, the investigators confirmed that the group had planned attacks outside of Russia, but never got to carry any out. Group-IB has stated that the group managed to rent malware that was created to attack mobile banking systems. This malware was named ‘Tiny.z’, and they rented it for $2,000 per month. It was made to be able to hack banks in Germany, Britain, the US, Turkey, France, and other countries.

On the other hand, ‘Cron’ made software that was able to attack lenders, including the three French banks. Sberbank’s spokesperson has stated that the bank has nothing on ‘Cron’, but added that several other hacking groups are working against the bank and that their attacks are constantly changing.

Alfa Bank and Qiwi did not give any comment.

Google, the creator of Android, has for years been doing a lot to stop users from downloading malicious content. According to its spokesperson, it has been blocking suspicious apps and tracking malware families for years.

The Russian authorities have used this attack to show that Russia itself is a target of hacking attacks as well. This was supposed to directly counter accusations of government-sponsored hacking. On the other hand, it’s believed that the US has evidence that hackers from Russia were allowed by the government to attack foreign targets, as long as they cooperated with their own security services when asked.

Group-IB’s head of the investigation, Dmitry Volkov, has stated that the app the group used was made to mimic the real banking app. It would come up first in an app search, and users would then download it. The same malware was also inserted into pornography websites. After the hackers infected a phone, they would send instructions to the bank to transfer up to $120 to the hackers’ account. The bank would send a confirmation code, and the malware would intercept it. The victim never knew what happened.