
Gang robs Russian banks with over 1M hacked Android phones

Hackers stole thousands from bank customers in a heist across Russia using fake apps, pornography and insecure phones.

Alfred Ng Senior Reporter / CNET News
Alfred Ng was a senior reporter for CNET News. He was raised in Brooklyn and previously worked on the New York Daily News's social media and breaking news teams.

Police seized hundreds of bank cards and SIM cards with fake names after arresting gang members behind a bank hacking heist.

Russian Interior Ministry

Fake banking, GPS and porn apps led to a massive bank heist across Russia for more than a year.

On Monday, Russian officials announced a successful series of raids against a hacking gang who plotted to rob banks around the world. The gang, named after their malware "Cron," infected more than a million Android phones in Russia and stole more than 50 million rubles (roughly $892,000, £685,412, AU$1.2 million) from bank customers, according to the Russian Interior Ministry.

Russian hackers have made headlines in recent months. In March, it was revealed that Russian spies were involved in the historic breach of 1.5 billion Yahoo accounts, and the US continues to investigate Russian hackers' interference with the 2016 presidential election. This latest arrest is a reminder that Russian citizens also have to deal with hacks from their home country.

Cron, the Android-based malware, took over a victim's phone, allowing thieves to send text messages to the victim's bank asking it to transfer money, an average of $140 per victim, according to Russian cybersecurity firm Group-IB. The virus would then hide any incoming notifications from the bank on the infected phone.

So far, Cron has deposited money into 6,000 bank accounts for the hackers, according to researchers. It spread as a trojan virus through malicious links in text messages and fake apps. On average, 3,500 victims a day downloaded phony versions of apps like Navitel, Avito and Pornhub, Group-IB said. The scheme was successful in Russia in part because one in five adults in the country uses mobile banking, according to the Central Bank of Russia.

"According to our Hi-Tech Crime Trends Report in 2016 mobile Android Trojans caused total losses of over $6 million, which reflects an increase of 471 percent, compared to the previous reporting period," said Dmitry Volkov, head of Threat Intelligence Department and co-founder of Group-IB.

The group targeted the top 50 banks in Russia and had plans to expand globally, targeting banks in the US, Germany, France, Singapore, Australia and other countries in the beginning of 2016. The hackers paid $2,000 a month for a trojan called Tiny.z last June, which would have allowed them to steal from banks around the world, according to Group-IB.

The majority of its members were arrested last November 22 before carrying out the international heist. The last active member was arrested in April in St. Petersburg. Russian officers arrested 20 people across six regions, including the gang's leader, a 30-year-old man in Ivanovo.

Police seized computer equipment, hundreds of bank cards and fake SIM cards, according to the Russian Interior Ministry. The government released videos of their arrests, which you can see here.

Group-IB first discovered the Cron malware in March 2015, when hackers made fake versions of the Google Play store and Viber. All the hacked devices were running on Android, according to the researchers.

"We've tracked this malware family for several years and will continue to take action on its variants to protect our users," a Google spokesman said.

With more than 2 billion devices in the world and fragmented updates for security, Android users were a prime target, Group-IB said.

At Google I/O, the company announced its efforts to push out crucial security updates to more devices through Project Treble.
