    Android Trojan Allows Hackers to Steal $8,000 Per Day from Russian Banks

    By Anas Baig on May 29, 2018 Cryptomining, Mobile Threats, Phishing, Social Engineering, Trojan

    Law enforcement in Moscow, with support from Group-IB, recently arrested a 32-year-old hacker accused of taking part in stealing funds from customers of Russian banks using Android Trojans. At the height of their activity, the attackers reportedly siphoned between $1,500 and $8,000 daily and leveraged cryptocurrency to launder the funds anonymously.

    Phishing via Android Trojan

    Group-IB’s analysis reviewed the tools and techniques used in the group’s attack, revealing that the gang tricked customers of Russian banks into downloading a malicious mobile application called “Banks at your fingertips.” The app claimed to be an aggregator of the country’s leading mobile banking systems and promised users ‘one-click’ access to all bank cards to view balances, transfer money from card to card, and pay for online services. The app was first discovered in 2016 and was distributed through spam emails.

    The criminal group’s approach was rather elementary. Customers of banks downloaded the fake mobile app and entered their card details. The Trojan then sent bank card data or online banking credentials to the command and control (C&C) server. The attackers then transferred between $200 and $500 at a time to previously activated bank accounts and subverted the SMS confirmation code system by intercepting the SMS codes from the victim’s phone. The victims were not aware of the transactions as all SMS confirmations of transactions were blocked.

    The investigation by authorities identified a member of the criminal group who was responsible for transferring money from user accounts to the attackers’ cards. The 32-year-old unemployed Russian national also had previous convictions connected to arms trafficking. During the suspect’s arrest in May 2018, authorities identified SIM cards and fraudulent bank cards to which stolen funds were transferred. The suspect has confessed to his actions, and the investigation and prosecution continue.

    Think Twice Before You Install that App

    The cautionary tale here seems to be that people need to do a better job of keeping their mobile devices safe. This is certainly not the first case of a phishing attack or Trojan used to steal from bank accounts, or of app-based malware—especially for Android. We’ve seen many cases in the past too.

    One such case happened recently—just a couple months ago in March of 2018. A malware campaign attempted to install a resource-draining cryptominer on more than 400,000 computers in 12 hours. According to a Microsoft security researcher, the attack was propagated through a malicious backdoor that was sneaked into a BitTorrent application called Mediaget. Researchers called it a supply-chain attack—which aims to infect large numbers of people by compromising a popular piece of hardware or software.

    Many people have questions about torrenting in general. Millions of people don’t know whether torrenting is legal or illegal. There is certainly content that falls on both ends of that spectrum, but regardless of the underlying content, torrenting carries risks. Authorities will catch and punish you if you torrent material protected by copyright. You also run the risk of downloading infected files.

    The moral of the story is that you should do some research on the source of any software you install, or links you click. Think twice before you install some random app on your phone or PC—especially if it’s from an unknown or questionable source. There is a fair chance it may contain malware and you might wake up to find your bank account emptied out.

    Anas Baig

    Anas Baig is a Cyber Security Expert, a computer science graduate specializing in internet security, science and technology. Also, a Security Professional with a passion for robots & IoT devices. Follow him on Twitter @anasbaigdm, or email him directly.
