Wannabe Russian Bank Malware Attacked Millions Of Android Devices, Stole People’s Money

Android Cron Malware

Short Bytes: A malware named Cron was deployed by a 16-membered hacker group in Russia which infected more than a million Android devices across the country by faking itself as banking apps. The hacker group was arrested last year before they could manage to affect banks in other countries.

Russia’s name was prominent on the list of the countries affected by the WannaCry malware. According to a report by Reuters, the nation was affected by another malware called ‘Cron’ which disguised itself as fake banking apps and pornography web clients. It got onto Russian users’ devices by finding a place in online search results.

The malware was created by a 16-memebered hacker group in Russia which also called themselves Cron after the malware. The first traces of malware date back to mid-2015 and on November 22, the core members of the group were arrested before they could target other countries.

Also Read: Is Russia Really Fighting WannaCry Ransomware By Spraying Holy Water On Computers?

A security research firm Group-IB was given the task of investigating the cyber attack. They revealed that the Cron malware affected more around 3,500 devices per day totaling to more than a million Android devices.

Sberbank, Alfa-Bank, and online payments firm Qiwi were among the affected firms. The prime task of the Cron malware was to pull funds from people’s bank accounts by sending text messages to the bank from the infected devices.

An amount up to $120 was transferred to one of the 6,000 fraudulent accounts. The hackers also made sure that user doesn’t get notified about the unwanted transfers by intercepting and blocking the confirmation SMS texts. In total, the malware managed to steal more than 50 million Rubbles ($892,000).

Before their arrest, the hacker group had further plans to expand the reach of their malware to other banks operating in Britain, Germany, France, US, Turkey, and others. According to Group-IB, in June 2016, the hackers subscribed to a $2,000/mo rental plan for a malware called ‘Tiny.z’ which was optimized by its creators to attack mobile banking systems in the respective countries.

Dmitry Volkov, the head of investigations at Group-IB, suggested two points that led to the success of Cron malware. “First, the large-scale use of partner programs to distribute the malware in different ways.”

“Second, the automation of many (mobile) functions which allowed them to carry out the thefts without direct involvement,” Volkov said in a statement.

Cyber attacks like these expose the dangers of the SMS-based payment systems deployed by the banks, according to Lukas Stefanko who is a security researcher at a Slovakia-based firm ESET. SMS-based banking is a handy option in regions where there is a scarcity of internet infrastructure.

“It’s becoming popular among developing nations or in the countryside where access to conventional banking is difficult for people,” Stefanko said.

“For them it is quick, easy and they don’t need to visit a bank… But security always has to outweigh consumer convenience.”

It’s not that banks in Russia have been a part of a cyber attack. Last month, a group hacker manages to steal $800,000 cash from Russian bank ATMs using a malicious program called Disappearing malware.

If you have something to add, drop your thoughts and feedback.

Also Read: EternalRocks: New Malware Uses 7 NSA Hacking Tools, WannaCry Used Just 2

Similar Posts