A gang of Russian hackers known by the name “Cron” has been arrested by Russian police. The hackers, who named themselves after the malware that they used to infect Android devices, are thought to have stolen a whopping 50 million rubles ($892,000) from Russian bank accounts. The Russian Interior Ministry announced the arrests on Monday, following a number of successful raids. The arrests are a stark reminder that the explosion in the number of hackers within the country affects Russians just as much as anybody else.
The Cron malware that the Russian gang used targets Android phones and allows the cybercriminals to send a message to the victim’s bank. That message asks for a sum to be transferred – usually around $140, according to the Russian cybersecurity firm Group-IB.
Complex Android Malware
Cron was first noticed in mid-2015 and it is believed that this group of hackers had been using it for around a year. In that time, the greedy cybercriminals managed to infect around 3,500 devices per day. All in all, over a million Russian Android devices are thought to have been affected.
Group-IB says the trojan malware was deposited onto devices via a number of fake apps, including fake mobile banking apps, e-commerce apps, pornography apps and apps like Navitel and Avito. Stolen money is believed to have been deposited into some 6,000 different bank accounts for the hackers.
The malware allows hackers to remotely control the Android device’s functions. In doing so, the cybercriminals could easily use the SMS text message transfer service used by a number of banks to transfer money. The banks affected include the state lender Sberbank, Alfa-Bank, and the online payments company Qiwi.
A spokeswoman from Sberbank made the following comments:
“Several groups of cyber criminals are working against Sberbank. The number of groups and the methods they use to attack us change constantly.
“It isn’t clear which specific group is being referred to here because the fraudulent scheme involving Android OS (operating system) viruses is widespread in Russia and Sberbank has effectively combated it for an extensive period of time.”
Successful Attack Vector
According to the Russian Central Bank, the hacking operation was extremely successful because one in five Russian adults uses SMS banking. In addition, the dastardly malware blocks the confirmation notification that the bank normally sends to a customer’s device after a successful transfer. That means that the attack would have gone unnoticed until victims checked their statements.
Lukas Stefanko, from the Slovakian cybersecurity firm ESET, says that the Cron attack is evidence of the dangers posed by using this kind of transfer technology. Stefanko says that unfortunately, in nations with poorer internet, SMS transfers are popular:
“It’s becoming popular among developing nations or in the countryside where access to conventional banking is difficult for people. For them it is quick, easy, and they don’t need to visit a bank… But security always has to outweigh consumer convenience.”
This isn’t the first time that members of this gang have been arrested. Last November, a number of hackers from the Cron gang were detained in Ivanovo. On this occasion, however, it is believed that the police managed to arrest the head hacker – a 30-year-old man also from Ivanovo (300km northeast of Moscow). It is believed that the gang leader was in control of a team of 20 hackers.
According to police, raids took place in six different regions across Russia. An unknown number of suspects were both arrested and placed under house arrest. In addition, the ministry said:
“In the course of 20 searches across six regions, police seized computers, hundreds of bank cards and SIM cards registered under fake names.”
Fortunately, the hackers were arrested before they began targeting people outside of their own country. However, evidence has been uncovered that demonstrates the cyber gang was intending to victimize Android devices in Europe.
According to Group-IB, which worked directly with the Russian Interior Ministry, the hackers had plans to attack customers of European banks including BNP Paribas, Societe Generale, and Crédit Agricole.
Group-IB says that in June 2016, the Cron hackers began renting a separate kind of malware called Tiny.z for the sum of $2,000 a month. It is that malware that the Cron hackers were intending to use to target the French banks in question.
Furthermore, Tiny.z had been modified to be able to victimize banking apps in the UK, Germany, and the US. As such, it seems likely that, if left unchecked, this criminal gang would have matured into full-fledged international criminality.
Massive Growing Problem
In the West, we are often made to feel like Russian hackers mainly target foreigners. However, the truth is that they target Russians as well. In fact, the problem is huge and seems to be getting worse. Russian hackers have been linked to the most dangerous viruses ever known, including NetSky, MyDoom, GameOver Zeus, The Russian Snake, and Bagle.
In addition, internet penetration in the country has really improved, and with the temptation of cash rewards on the table, the problem is only likely to get worse. What’s more, although the problem of “script kiddies” is very real (and permits unskilled criminals to begin hacking campaigns), over the years Russia has seen a rise in expertly coded malware.
That is because Russia is a country filled with over-educated young people who can’t get a job. For those people, crime is a huge temptation, and criminal gangs prey on the talented in order to recruit the best hackers into their ranks. The good news is that Russian authorities appear to be cracking down on hackers now more than ever before.
However, in a country of 144 million people, it would appear that there are always going to be more hackers on the horizon to fill the vacuum that those arrested leave behind.
Opinions are the writer’s own.