Industry News

50 detained as Russia swoops on $45 million banking malware gang

Dismiss the stereotype of the lonely hacker working in his back bedroom. These days organised criminal gangs are behind many of the attacks we see.

And that seems to be what has been occurring in Russia, where authorities have detained around 50 people in connection with a banking Trojan known as Lurk.

The Lurk banking malware is described as fileless: rather than dropping an executable on disk, it injects its code into the memory of running processes in an attempt to evade detection by antivirus software. It is thought to have helped steal a staggering $45 million over the past five years, a tidy sum even if you do have to share it with scores of your fellow criminals.

As ThreatPost describes, the malware was spread via legitimate websites that had been compromised and boobytrapped to install Lurk onto visitors' computers without their knowledge.

Once installed, Lurk downloaded further malicious code from the internet, and in an attempt to cover their tracks the group behind the attacks are thought to have routed their communications through a compromised VPN.

In what is said to be the largest arrest of hackers ever undertaken in Russia, armed law enforcement agents wearing balaclavas stormed properties in 15 different regions of the country, confiscating computer equipment, forged bank cards and financial documents.

18 of the individuals detained in the raids have now been formally arrested, and are being held in custody in Moscow.

One has to wonder whether the alleged criminals would be feeling the heat right now if they had targeted financial institutions elsewhere in the world (America, perhaps?) rather than ones on their doorstep. After all, it is hard for the FSB to turn a blind eye to Russian cybercriminals targeting Russian banks.

According to the Russian Interior Ministry, one of the banks targeted by the Lurk malware was Sberbank, which security researchers recently revealed was also the target of an Android malware campaign that intercepted incoming SMS messages and harvested the one-time passcodes used to authorise transactions.

It is not thought at this time that the two campaigns are related; rather, it is a case of wherever there is money, that is where the thieves will be.

About the author

Graham Cluley is an award-winning security blogger, researcher and public speaker. He has been working in the computer security industry since the early 1990s, having been employed by companies such as Sophos, McAfee and Dr Solomon's. He has given talks about computer security for some of the world's largest companies, worked with law enforcement agencies on investigations into hacking groups, and regularly appears on TV and radio explaining computer security threats.

Graham Cluley was inducted into the InfoSecurity Europe Hall of Fame in 2011, and was given an honorary mention in the "10 Greatest Britons in IT History" for his contribution as a leading authority in internet security.