Nazi-loving Android malware suspects arrested in Russia

Graham CLULEY

April 14, 2015


Russian police have arrested five men in connection with an organised criminal attempt to steal money from online banking customers using an Android trojan horse.

The men, who computer crime authorities in the country claim have confessed their involvement in the scheme, are alleged to have stolen up to 50 million rubles ($930,000) with their malware.

Amongst those arrested is said to be the 25-year-old suspected author of the Svpeng banking malware (detected by Bitdefender products as Android.Trojan.Svpeng.A).

Security firm Group-IB, who assisted the Russian authorities with the investigation, claimed that the malware was initially distributed via spammed-out SMS messages containing a link to a booby-trapped version of Adobe Flash Player.

[Image: svpeng-fake-flash]

Post-infection, the Svpeng Android malware had a variety of dirty tricks up its sleeve:

Firstly, the malware can display fake login pages for online banks, and pass phished login details and passwords on to the hackers.

The hacker can attempt to transfer money from the victim’s account to one under his control using SMS banking services. The malware can intercept any messages sent by the bank to the infected Android smartphone (hiding them from the genuine account owner), and thus grab the confirmation code required to confirm the payment.

According to a Forbes report, the malware may not have just been interested in targeting banking customers in Ukraine and Russia, but also appeared to scan for Western banking apps such as Citi, Amex and Wells Fargo.

Interestingly, the malware was capable of displaying bogus official-looking warnings on victims’ Android devices, claiming to be FBI notifications that the device has been “locked” due to its owner visiting pornographic websites.

The fake ransomware warnings went on to demand that a $200 penalty be paid to ensure that the device is returned to normal working order.

In addition, according to security firm Group-IB, who assisted the Russian authorities with the investigation, the Svpeng trojan can trick users into entering their credit card information into a phishing window rather than the genuine Google Play interface used to make app purchases.

These stolen details can then be abused by the criminals to line their own pockets.

Russia’s Ministry of the Interior made details of the arrest public via a statement on its website, published over the weekend, although it is understood that the police swooped on the gang on March 24th.

Computers, mobile phones, credit cards and other technical equipment were seized by the authorities during searches of the suspects’ houses, and the gang’s “Fifth Reich” admin console, which allegedly helped them manage the hijacked devices, was uncovered.

[Image: svpeng-console]

As you can see, the “Fifth Reich” admin console gives the hacker access to statistics about how many devices are compromised, and their whereabouts. It is also replete with Nazi iconography.

Charming…
