Members of a Russian hacking group dubbed “Cron” have been arrested for spearheading a campaign to plant malware on Android devices to steal from bank customers.
The attack netted the hackers roughly $892,000—small potatoes in the financial cybercrime world—but the group apparently had plans to widen its operation.
Reuters broke the news, citing a report compiled by Group-IB, which investigated the attack with the Russian Interior Ministry. The perpetrators exploited weaknesses in SMS text message transfer services, allowing the cyber-criminals to funnel funds to personal accounts. It targeted customers of local bank Sberbank, tricking them into downloading fake mobile banking applications, pornography or ecommerce programs. These programs were instead, of course, malware that allowed the group to text messages from those devices to arrange for the transfer of money to the hackers' accounts.
“The attack highlights the growing number of attacks against mobiles and the need for users to be increasingly vigilant,” AlienVault security advocate Javvad Malik told us via email. “Jailbreaking a phone or downloading apps from unofficial app stores increases the possible attack avenues. Similarly, clicking on unsolicited links in email or SMS messages can lead to malware being installed. Also, users should be wary of what permissions an app is asking for and exercise caution where excessive permissions are being sought such as access to phone book, SMS, phone calls and such.”
A full 16 suspects were arrested by Russian authorities. Group-IB said Cron was on average compromising 3,500 devices per day, and was planning to target European lenders before the arrest, including banks in France, and potentially other western nations including Britain, Germany, the United States and Turkey.