Trend Micro researchers have been monitoring the cybercriminal ring

Oct 28, 2013 11:42 GMT

Four men from Alkmaar, Haarlem, Woubrugge and Roden were arrested last week by Dutch authorities on suspicion of being part of a cybercriminal ring that used TorRAT to gain unauthorized access to bank accounts.

According to the Dutch Public Prosecution Service, the suspects are believed to have made hundreds of fraudulent bank transfers.

The cybercriminals used TorMail and relied on money mules to protect their operations.

They distributed the malware via fake email messages. Once the RAT was installed on the victim’s computer, it started collecting financial information, which the fraudsters used to plunder bank accounts.

Some of the money they made was converted into Bitcoin. In fact, one of the suspects is said to have operated a Bitcoin exchange, namely FBTC Exchange. The service went down after the arrests.

Bitcoins worth €7,700 ($10,600) have been seized. The digital currency was used not only to launder the proceeds of their crimes, but also to pay the members of the conspiracy.

The investigation launched by authorities in the Netherlands focuses on the 150 fraudulent transactions allegedly made by the suspects between the spring of 2012 and the present.

The total damage caused by the cybercriminals has been estimated at around €1 million ($1.38 million).

Researchers from IT security firm Trend Micro have been monitoring the activities of this criminal ring. According to experts, the crooks used Tor hidden websites as command and control (C&C) servers.

The fact that the cybercriminals were native Dutch speakers was clear right from the start of Trend Micro’s investigation. The fraudsters used an Armenian crypting service called SamArt to protect their malware against security solutions.

“Buying a service from a crypting service, using tormail.org, and recruiting and abusing money mules puts cybercriminals at risk of getting caught. A single error can lead to the unraveling of the whole cybercrime operation. Tor offers a high degree of anonymity, but Tor tools are not immune to data leaks,” Trend Micro’s Feike Hacquebord noted.