Russian authorities have tracked down a cybercrime group believed to have infected over 800,000 Android devices in Russia. One man has so far been given a two-year suspended prison sentence.

TipTop Cybercrime Group

The cybercrime group TipTop is believed to have infected over 800,000 Android devices since its operations began in 2015. The group evidently distributed rented Android banking trojans by hiding them in Android apps, which gave the operators access to the users’ SMS messages, phone calls, and even USSD requests.

However, the main purpose of the malware is to show fake login screens on top of real banking apps so as to capture the users’ login credentials. This allowed the operators to earn $1,500 to $10,500 in profits per day.

In fact, TipTop’s favorite malware, Hqwar, was ranked in the top four most popular Android malware in 2017, and just a year later, authorities began to see a spike in Android mobile banking trojans primarily driven by Hqwar as well as another popular malware, Asacub.

Cybercrime Takedown

Earlier this year, cybersecurity firm Group-IB tracked down a 31-year-old male TipTop member in Krasnoyarsk, Russia, who was apparently responsible for directly siphoning money from victims’ accounts and then transferring it to other cybercriminal accounts. According to officials from the Russian Ministry of Internal Affairs, further arrests were made based on the information they gathered from the initial arrest, and others are already being investigated.

According to Group-IB, TipTop is the largest malware gang operating in Russia after the takedown of Cron, another cybercrime operation.

“After the liquidation of the Cron group at the end of 2016, the group, which received the working name TipTop, which included a detained hacker, was one of the largest and most dangerous in Russia,” said Group-IB Head of Investigation Sergey Lupanin. “In the course of long work, the operational services to which we transferred our experience managed to identify the victims in several regions of Russia.”

ⓒ 2018 TECHTIMES.com All rights reserved. Do not reproduce without permission.