Russian police have apprehended 16 members of a notorious criminal ring that targeted bank accounts using Android malware, dubbed ‘Cron’, that compromised more than one million Android smartphones.
It was confirmed that the criminal organization had successfully stolen nearly USD900,000 from bank accounts.
Law enforcement, assisted by the cyber security firm Group-IB, has identified 25 members of the organization, led by a 30-year-old living in the city of Ivanovo.
Group-IB first learnt about Cron in March 2015: Group-IB’s Intelligence system tracked the activity of a new criminal group that was distributing malicious programs named “viber.apk”, “Google-Play.apk”, “Google_Play.apk” for Android OS on underground forums. The hackers called this malware “Cron”, hence the logic for our naming convention of the group. Cron targeted users of large Russian banks in the Top 50 standing – all of their SMS banking services were under siege during Cron’s operations.
According to statistics from the Russian Central Bank, 20% of the adult population in the country used mobile banking in Russia. Smartphones have become the new mobile wallet – this trend was capitalized on by cyber criminals. In 2015, 10 new hacker groups started stealing money using mobile Trojans, and the number of incidents tripled!
The hackers preferred to attack Android users, since almost 85% of smartphones worldwide run Android OS, making them an attractive target for cyber criminal groups.
It is no longer necessary to be a virus writer to steal money from users of Internet banks – ready-to-use malware can be easily purchased or rented on hacker forums. The Cron organizers had already been convicted of various crimes before their hacker attacks. It comes as no surprise that experienced criminals become hackers. Once Group-IB investigated activity of a hacker who earned up to $20 million per month through thefts in online banking, Group-IB wrote on its official blog.
Investigations also revealed that the Cron gang decided to extend its activity to other countries. They rented the Tiny.z banking Trojan for USD2,000 per month, a universal tool capable of attacking the Android devices of both Russian and international banks’ customers.
There is also speculation that the hackers had been planning to target French banking users, because the Cron gang developed web injections for several French banks, including Credit Agricole, Assurance Banque, Banque Populaire, BNP Paribas, Boursorama, Caisse d’Epargne, Societe Generale and LCL.