The alleged perpetrator is said to have been active on the criminal scene since August 2011

Apr 24, 2013 13:59 GMT

Russian authorities say they’ve prevented the theft of 1 billion rubles ($31.7 million / €24.4 million) by arresting an individual they suspect has been utilizing the Carberp malware to steal money from the customers of Russian banks.

Group-IB, which collaborated with Sberbank and the K Department of Russian Police on the investigation, reveals that the perpetrator is believed to have already used the malware in over 5,000 thefts from online accounts.

The 41-year-old suspect, who is said to have been involved in criminal activities since August 2011, is a resident of the Russian city of Togliatti.

He utilized the Carberp malware to inject malicious HTML code into the webpages of financial institutions in an effort to steal victims’ login information and other details.

Since many banks rely on messages sent via SMS to confirm transactions, the malicious webpages would also instruct users to hand over their phone numbers.

By cloning SIM cards, the perpetrator was able to bypass the payment confirmations sent by the banks to victims.

“The investigation of this case — from the first moment when Group-IB received a complaint from a victim to when the perpetrator was apprehended — was conducted in record time, in less than six months. Thus, we managed to prevent thefts from Russian banks in the amount of 1 Billion Roubles,” noted Ilya Sachkov, CEO of Group-IB.

“This was the first case investigated within the European Cyber Security Federation (ECyFed) union, which includes Group-IB, CyberDefcon, and CSIS.”

The Carberp malware has often been utilized by fraudsters. Authorities have arrested numerous individuals believed to be involved in the use, distribution and even the creation of the Trojan.

However, experts say the malware family keeps evolving, despite the arrests.