A gang of carders who stole more than 20 million from Russians' bank cards has been arrested

Tomcat

Employees of the Ministry of Internal Affairs and representatives of the cybersecurity company BI.Zone caught a gang of hackers who stole more than 20 million rubles over five years from bank cards of Russians using the Faketoken malware. The organizer confessed and is in custody.

Theft of money from bank cards
The police reported the arrest of a gang of hackers who stole more than 20 million rubles over five years from cardholders of Russian banks using the Faketoken malware. This was reported to RIA Novosti by representatives of the cybersecurity company BI.Zone, which assisted law enforcement officers in the investigation of the case.

Employees of the “K” Directorate of the Bureau of Special Technical Measures (BSTM) of the Ministry of Internal Affairs of the Chuvash Republic, with the assistance of BI.Zone experts, detained the organizer and two members of the criminal group in September 2020. The group had been operating since 2015.

BSTM is a division of the Ministry of Internal Affairs, formed in 1992. One of the areas of its activity is the fight against crimes in the field of computer technology. Regional divisions of BSTM operate in all regions of Russia. Directorate “K” of the Ministry of Internal Affairs identifies, prevents, suppresses and solves crimes in the field of computer information, crimes committed via the Internet, as well as those related to the illicit trafficking of special technical means for secretly obtaining information.

During interrogations, the hackers admitted that they had been regularly stealing money from cards since 2015. Using various services, they cashed out the stolen money and converted it into cryptocurrency.

Police caught a gang of hackers who stole 20 million from Russians' bank cards
The Ministry of Internal Affairs said in a statement that during a search at the residential addresses of one of the scammers, network devices, communication devices and computer equipment containing clear traces of the development and distribution of Trojan-Banker.AndroidOS.Faketoken malware were discovered and seized. The Ministry of Internal Affairs also discovered SIM cards from various telecom operators and electronic correspondence on Telegram, which confirms the detainee’s involvement in illegal activities.

The leader was remanded in custody as a preventive measure; the rest are under a written undertaking not to leave and to behave properly. The defendants confessed, the police said in a statement.

How the malware worked
According to the Ministry of Internal Affairs, the program infected devices, intercepted SMS messages from the bank and forwarded them to the criminals' server, and also collected bank card data. Using this information, the scammers transferred money from victims’ mobile and bank accounts.

The Trojan-Banker.AndroidOS.Faketoken family of malware typically steals the user's one-time banking password and works together with Trojan programs. During a session with an online bank, these Trojans use a web code injection technique: they inject into the online banking page opened in the web browser a demand to download an Android application, falsely telling the user that the application is necessary for the security of banking transactions, and place a link to the Faketoken Trojan on the page.

When the downloaded malware runs on the user's smartphone, the attacker uses it to gain access to the user's bank account. The Faketoken program allows an attacker to obtain the one-time mTAN code (mobile Transaction Authentication Number) and transfer the user's money to their own accounts.

RIA Novosti writes that over the last five months of 2020, the hacker group gained access to more than 5 thousand phones and data of at least 2.5 thousand bank cards.

Trojans are becoming more sophisticated
The Faketoken family of malware was first discovered at the end of March 2013. In 2015, that is, around the time when the hackers now caught by the police began their vigorous activity, a Kaspersky Lab report was released. In particular, it pointed out that the activity of hackers who encroached on the money of Android users increased three times in 2015 compared to 2014. At the same time, banking and SMS Trojans were most active in Russia. From July 21, 2014 to July 24, 2015, in the ranking of the most vulnerable countries out of 10 analyzed in the report, 86.6% of attacked users were from Russia, which was then in the lead by a huge margin. In Kazakhstan, which was in second place in the ranking, the share of users attacked by Faketoken was only 3.82%.

Kaspersky Lab experts then found that the absolute majority (98%) of banking malware for Android belongs to one of three families: Faketoken, Svpeng or Marcher. The Svpeng and Marcher Trojans steal access data for online banking systems: they replace the fields for entering authentication information in mobile banking applications, or the applications themselves, with phishing ones. Malware from the Faketoken family, in turn, intercepts one-time codes sent to the user by a bank to confirm a transaction and transmits them to attackers.

In 2018, according to another Kaspersky Lab report, mobile malware began actively using monetization schemes based on paid SMS and WAP billing (mobile payment without registration). These Trojans clicked on pages with paid services, and as soon as the subscription was activated, money from the victim’s account went to the cybercriminals. Some of the malware discovered in 2017 also included cryptocurrency modules.

(c) https://www.cnews.ru/news/top/2020-12-15_arestovana_banda_hakerov
 