Dismiss the stereotype of the lonely hacker working in his back bedroom. These days organised criminal gangs are behind many of the attacks we see.
And that seems to be what has been occurring in Russia, where authorities have arrested 40 people in relation to a Trojan horse called Lurk.
The fileless Lurk banking malware – which uses sneaky memory injection tricks in an attempt to evade detection – is thought to have helped steal a staggering $45 million over the past five years – a tidy sum, even if you do have to share it with scores of your fellow criminals.
As ThreatPost describes, the malware was spread via compromised legitimate websites that had been boobytrapped to install the malware onto victims’ computers without their knowledge.
The Lurk malware downloaded further malicious code from the net, and in an attempt to cover their tracks, the group behind the attacks are thought to have used a compromised VPN for communications.
In what is said to be the largest arrest of hackers ever undertaken in Russia, armed law enforcement agents wearing balaclavas stormed properties in 15 different regions of the country, confiscating computer equipment, forged bank cards and financial documents.
18 of the individuals detained in the raids have now been arrested, and are being held behind bars in Moscow.
One has to wonder if the alleged criminals would be feeling the heat right now if they had targeted financial institutions elsewhere in the world (America perhaps?), rather than one on their doorstep. After all, it’s hard for the FSB to turn a blind eye to Russian cybercriminals targeting Russian banks.
According to the Russian Interior Ministry, one of the banks targeted by the Lurk malware was Sberbank, which security researchers have recently revealed was also in the sights of an Android malware campaign which intercepted incoming SMS messages and scooped up one-time passwords.
The campaigns are not thought at this time to be related; rather, it is a case of wherever there is money, that’s where the thieves will be.