Android Malware Used To Rob Russian Bank Customers
The Cron hacking gang used malicious apps and software to infect a million Android smartphones
Hackers have used malware planted on Android smartphones to steal 50 million roubles (around £677,000) from domestic bank customers.
Reuters reported that the hackers have been caught and arrested before they could target European financial organisations with more advance malware they had purchased with their ill gotten gains.
The ‘Cron’ gang, comprising 16 cyber criminals, carried out the theft by tricking customers of Russian banks into downloading malware-loaded fake banking applications along with ponography and e-commerce software with malicious code lucking in it, which enabled them to gain control of the infected smartphones.
From there the hackers were able to send SMS messages to the mobile users’ banks instructing the transfer of money.
Bank breaching
Cyber security firm Group-IB investigated the cyber attack alongside the Russian Interior Ministry where it was discovered that a million smartphones in Russia had been infected with the malware before the 16 hacker suspects were arrested last November.
“Group-IB first learnt about Cron in March 2015: Group-IB’s Intelligence system tracked the activity of a new criminal group that was distributing malicious programs named ‘viber.apk’, ‘Google-Play.apk’, ‘Google_Play.apk’ for Android OS on underground forums,” explained the cyber security company.
“The hackers called this malware “Cron”, hence the logic for our naming convention of the group. Cron targeted users of large Russian banks in the Top 50 standing – all of their SMS banking services were under siege during Cron’s operations.”
The situation came to light when sources close to the investigation tipped off Reuters.
Luckily for the people with infects smartphones and unfortunately for the hackers, only small sums can be transferred via SMS instructions, so despite the volume of devices affected, the amount of money the hackers stole was not astronomical.
However, the hack attack highlights the weaknesses of SM S when it comes to handling banking. SMS banking services are used in Russia to help people living in isolated areas, where access to banks is not easy.
The hack attacks also indicate that Google still has work to do in protecting its Android platform from becoming the propagator of malicious mobile apps and malware, something it appears to be focusing more on with Android O.