Russian authorities have identified an extensively distributed malware campaign targeting electronic gas stations using software programs at the pumps. Until now, dozens of gas stations have been attacked as customers are conned into paying more for fuel than what has actually been pumped into their vehicle tanks. Reportedly, around 3 to 7% increment per gallon of pumped gas has been added to the cost customers paid at the gas stations due to this new scam.

In lieu of this scam campaign, Russian Federal Security Service (FSB) captured Denis Zayev this Saturday from Stavropol, Russian. Zayev is a hacker and he has been charged with creating software programs for the primary purpose of swindling gas station customers and defrauding them with malware installed on the pumps.

It is worth noting that the software Zayev created was identified on several electronic gas stations where he installed the IT systems. Pumps located in and around Southern Russia have been the predominant targets in this campaign so far.

According to the investigation, the software developed ran on gas pumps as well as cash registries. This aspect allowed Zayev and his affiliates to steal at least 3% and up to 7% more on actual fuel pumped into customer cars. The software was allegedly deployed by Zayev with the approval from the operators at the gas stations since it is discovered that the malware was sold to the operators by Zayev and he remained a partner in their malicious scheme and received a share of the fraudulent earnings.

According to local media “A giant scam covered almost the entire south of Russia in which viruses were found in dozens of gas stations in the Stavropol Territory, Adygea, Krasnodar Territory, Kalmykia, several republics of the North Caucasus, etc. A whole network was built to steal fuel from ordinary citizens – they did not bear any financial loss.”

What actually happened was that the operators left the gas tank empty whenever a new gas fraud cycle took place and when customers returned to refuel their cars the malware redirected between 3 to 7% of the fuel customers already bought to the empty tank without even alerting the customer. The gas pump displayed full details and the cash register issued a receipt for both attempts of gas refueling. When the empty gas tank filled up, operators put the present gas up for sale so as to hide the transactions.

How this scheme was identified is not yet disclosed by the FSB and all that we have been told is that the authorities found it at Russian territories of North Caucasus and Stavropol, Adygea, Krasnodar, Kalmykia. Zayev has been charged with large-scale fraud, development of malicious software and selling the programs to gas station employees. “Hundreds of millions of rubles” have been collected by the schemers, investigators noted.

Gas pump illustration via DepositPhotos/Aleksandrsb