A Russian cyber crime gang created a trojan malware program that mimics mobile banking applications, and although people were affected locally at the time of its shutdown, This post talks about the mimicry and ways to ensure you’re not being duped.
You should really make sure you know what you’re downloading.
On Monday, the Russian Ministry of Internal Affairs arrested a gang of hackers and criminals dubbed the “Cron” gang. Their offense? Planting a Trojan on more than 1 million Android devices forced transfers, bringing in almost $900,000 from targets located all throughout Russia.
Their methods were interesting, using fake ads and spam text messages to cause users to click a link that installed a trojan horse that targeted different banking apps. The malware searched for login credentials and even intercepted text messages that were sent to the phone for two-factor authentication. These credentials were then used to siphon small amounts from the accounts.
The Cron gang seemed to be preparing for a larger scale attack when they were apprehended. They infected a few thousand devices per day but making only 50-60 transactions per day. The transactions were meant to be smaller, it appears, averaging around $100.
Cron apparently rented a mobile banking trojan app, which mimicked banking applications found on the mobile device once it was injected. Records show it was rented for $2000 a month. Records also show that expansion beyond Russia was planned, with Banks already set up to be attacked all over. The rented trojan app, Tiny.z, was tweaked so that it could also attack banks in the U.S., Turkey, Germany, Singapore, and many other countries.
A large-scale assault on many French banks was in the works as well, including BNP Paribas, Societe General, LCL, and others. And though France was the first country on the hit list, many others were planned on being attacked with a similar version of the same malware.
After the Cron gang’s plans were discovered by the Russian-based security company Group IB, the police and Ministry of Internal Affairs were involved. After collecting sufficient digital evidence, a series of raids and arrests led to the apprehension of the gang, with 20 members in custody, and the confiscation of numerous computers, as well as SIM cards and payment cards, registered to fake or stolen identities.
The arrests were actually finalized in April, but announcements were only recently made by the Russian MIA, due to finalization of the case. The Ministry reported that the group was located in 6 different regions of Russia, and the distances to physically apprehend the criminals took a lot of cooperation between local governments.
So the moral of the story is don’t download an app unless you’re really sure it’s the real app, regardless of what it is for. Hackers could potentially imitate any app, from Facebook to your local credit unions. Search for reputed developers, reviewed apps, and ratings.
The Google Play store, as well as the Apple App Store, both thoroughly screen all apps on the marketplace before allowing them to be downloaded. However, it’s possible to slip past the screening process unnoticed. Since Android more open source friendly, most malware and fraudulent apps are found there. Always update your apps, and only download apps with good ratings (always check before downloading from unknown sources). You can better protect yourself.