05 Apr 2013

Carberp Team Arrested in Russia After Three-Year Run


The 21-member team that created and distributed the Carberp banker malware has been arrested in Ukraine.

The do-it-yourself malware toolkit sold by the ring has been used to make unauthorized banking transactions that amount to roughly $250 million worldwide. The Carberp Trojan has been used since 2010, but became available to potential buyers in February 2011, with a price tag of $10,000.

 In 2012, Russian authorities arrested eight Carberp members during a raid in Moscow, but development of the toolkit continued. In December 2012, a new variant of the Trojan featuring a bootkit  was selling for $40,000.

According to an article published by Kommersant(Russian content), the Carberp crew members were working remotely from different cities of Ukraine. The arrests have been made in Kiev, Odessa, Lviv and Kherson. The ring leader, a 28-year Russian citizen, was also arrested in Ukraine.

"This is a natural process -- an annual increase in the number of Internet users, and hence the number of scams. In 2012, [we] recorded 139 cases of unauthorized withdrawal of funds from the accounts of companies [...] for a total of over $116 million. We managed to return 80 percent of that amount, with a significant part without delay, within two hours of the crime," said a source within Ukraine's Ministry of Internal Affairs.

Today’s arrests may look like success, but it was possible probably because the Carberp gang was primarily targeting Russian and Ukrainian banks, where local authorities had jurisdiction.