Law enforcement in Moscow, with support from Group-IB, recently arrested a 32-year-old hacker accused of taking part in the theft of funds from customers of Russian banks using Android Trojans. At the height of their activity, the attackers reportedly siphoned between $1,500 and $8,000 daily and laundered the funds through cryptocurrency to stay anonymous.
Phishing via Android Trojan
Group-IB’s analysis of the tools and techniques used in the group’s attacks revealed that the gang tricked customers of Russian banks into downloading a malicious mobile application called Banks at your fingertips. The app claimed to be an aggregator of the country’s leading mobile banking systems and promised users ‘one-click’ access to all of their bank cards: viewing balances, transferring money from card to card, and paying for online services. It was first discovered in 2016 and was distributed through spam emails.
The criminal group’s approach was rather elementary. Bank customers downloaded the fake mobile app and entered their card details, which the Trojan sent, along with any online banking credentials it collected, to the command and control (C&C) server. The attackers then transferred between $200 and $500 at a time to previously activated bank accounts. To defeat SMS-based transaction confirmation, the Trojan intercepted the one-time codes delivered to the victim’s phone and suppressed the confirmation messages, so the victims saw no evidence of the transactions.
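The page does not describe how this particular Trojan captured the SMS codes, but the classic Android pattern is an app that holds the SMS permissions and registers a high-priority broadcast receiver for incoming SMS, so it sees (and can suppress) a code before the user does. The following is an added triage script, not Group-IB's tooling or the Trojan's code: it reads a decoded AndroidManifest.xml (as produced by apktool, for example) and flags that permission/receiver combination. The two manifests embedded below are constructed for the example; the package and class names in them are invented.

```python
"""Static triage of a decoded AndroidManifest.xml for SMS-interception capability.

Added example, not code from the article or from Group-IB. Assumes the manifest
has already been decoded to plain XML. The sample manifests are constructed and
the package/class names are hypothetical.
"""
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"
SMS_RECEIVED = "android.provider.Telephony.SMS_RECEIVED"

# Permissions that let an app read incoming one-time codes ...
SMS_READ_PERMS = {"android.permission.RECEIVE_SMS", "android.permission.READ_SMS"}
# ... and get them off the device (HTTP to a C&C server, or SMS to an attacker number).
EXFIL_PERMS = {"android.permission.INTERNET", "android.permission.SEND_SMS"}

# Constructed manifest resembling a fake "banking aggregator" app.
SUSPICIOUS_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.banks.fingertips">
    <uses-permission android:name="android.permission.INTERNET"/>
    <uses-permission android:name="android.permission.RECEIVE_SMS"/>
    <uses-permission android:name="android.permission.READ_SMS"/>
    <uses-permission android:name="android.permission.SEND_SMS"/>
    <application android:label="Banks at your fingertips">
        <activity android:name=".MainActivity"/>
        <receiver android:name=".SmsReceiver" android:exported="true">
            <intent-filter android:priority="2147483647">
                <action android:name="android.provider.Telephony.SMS_RECEIVED"/>
            </intent-filter>
        </receiver>
    </application>
</manifest>
"""

# Constructed manifest of an ordinary app that only talks to the network.
BENIGN_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.weather">
    <uses-permission android:name="android.permission.INTERNET"/>
    <application android:label="Weather">
        <activity android:name=".MainActivity"/>
    </application>
</manifest>
"""


def attr(element, name):
    """Read an attribute from the android: namespace."""
    return element.get("{%s}%s" % (ANDROID_NS, name))


def analyze_manifest(xml_text):
    """Return a dict describing SMS-interception indicators found in the manifest."""
    root = ET.fromstring(xml_text)
    perms = {attr(p, "name") for p in root.iter("uses-permission")}

    # Receivers listening for incoming SMS, with the intent-filter priority.
    # A very high priority lets the receiver run before the messaging app.
    sms_receivers = []
    for receiver in root.iter("receiver"):
        for flt in receiver.findall("intent-filter"):
            actions = {attr(a, "name") for a in flt.findall("action")}
            if SMS_RECEIVED in actions:
                priority = attr(flt, "priority")
                sms_receivers.append((attr(receiver, "name"), int(priority) if priority else 0))

    findings = []
    if perms & SMS_READ_PERMS:
        findings.append("requests SMS read permissions")
    if sms_receivers:
        findings.append("registers SMS_RECEIVED receiver(s): " + ", ".join(n for n, _ in sms_receivers))
    if any(p > 0 for _, p in sms_receivers):
        findings.append("SMS receiver has elevated priority (can act on codes before the user sees them)")
    if perms & EXFIL_PERMS:
        findings.append("can exfiltrate via INTERNET and/or SEND_SMS")

    # All three capabilities together are the SMS-stealing Trojan profile.
    suspicious = bool(perms & SMS_READ_PERMS) and bool(sms_receivers) and bool(perms & EXFIL_PERMS)
    return {
        "package": root.get("package"),
        "permissions": sorted(perms),
        "sms_receivers": sms_receivers,
        "findings": findings,
        "suspicious": suspicious,
    }


if __name__ == "__main__":
    for text in (SUSPICIOUS_MANIFEST, BENIGN_MANIFEST):
        report = analyze_manifest(text)
        print(report["package"], "-> suspicious" if report["suspicious"] else "-> no SMS indicators")
        for line in report["findings"]:
            print("  -", line)
```

This is a static heuristic, not proof of malice: legitimate SMS clients and some two-factor apps request the same permissions. It is useful as a first pass over an APK that arrived by email or from an unofficial store, which is exactly how the app described above was distributed.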
The investigation by the authorities identified a member of the group who was responsible for transferring money from victims’ accounts to the attackers’ cards. The 32-year-old unemployed Russian national had previous convictions connected to arms trafficking. During the suspect’s arrest in May 2018, authorities found SIM cards and fraudulent bank cards to which stolen funds had been transferred. The suspect has confessed, and the investigation and prosecution continue.
Think Twice Before You Install that App
The cautionary tale here is that people need to do a better job of keeping their mobile devices safe. This is far from the first case of a phishing attack or Trojan being used to drain bank accounts, or of app-based malware, especially on Android.
One such case happened just a couple of months ago, in March 2018. A malware campaign attempted to install a resource-draining cryptominer on more than 400,000 computers in 12 hours. According to a Microsoft security researcher, the attack spread through a malicious backdoor slipped into a BitTorrent client called Mediaget. Researchers called it a supply-chain attack, one that aims to infect large numbers of people by compromising a popular piece of hardware or software that they already trust.
Many people have questions about torrenting in general, and millions don’t know whether it is legal or illegal. There is content at both ends of that spectrum, but regardless of the underlying content, torrenting carries risks: you can face legal penalties for downloading copyrighted material, and you run the risk of downloading infected files.
The moral of the story is that you should research the source of any software you install or link you click. Think twice before installing some random app on your phone or PC, especially if it comes from an unknown or questionable source. There is a fair chance it contains malware, and you might wake up to find your bank account emptied.