A raid against malware distribution launched by the Russian Interior Ministry led to the arrest of a group of twenty hackers. The group was operating a malware campaign dubbed Cron, which targeted the retrieval of financial information from its victims. According to Group IB, the security company in charge of the raid, the total damage caused by the hackers amounted to 50 million rubles.

The money, which is approximately $883,000 in US dollars, was all taken from Russian bank accounts. This is not an amount to be taken lightly, but the investigators emphasize that it is small compared to the possible damage the group would have caused if they had been caught any later.

Based on the reports, the group was planning an international attack that would target Great Britain, France, USA, Turkey, Singapore, Germany, and Australia. Fortunately, the operation was disrupted at the planning stage.

Cron was a widespread operation that included the regions of Ivanovo, Moscow, Chelyabinsk, Yaroslavl and the Republic of Mari El. It was found that the Russian hackers arrested for malware distribution were brought together by an anonymous 30-year-old resident of Ivanovo, about 150 miles from the Russian capital.

Malware was distributed through counterfeit sites for PornHub, Framaroot, Navitel and Avito, all of which are websites that may require you to make downloads. Another method they used was text messaging, with links to compromised sites included in the messages.

Group IB, the Interior Ministry’s partner in the raid, reported that 3500 mobile devices were subject to such messages daily. The malware packages were named Google-Play.apk, Google_Play.apk, and viber.apk. Once a victim opens the file, their banking credentials are automatically transmitted and recorded by the group. Funds are then stolen and transferred to over 6000 bank accounts managed by Cron members.

It has been surmised that the group obtained its tools from a Trojan-trading website around August 2016 and commenced operation a few months later.
