14 Busted in Malware Case

Monday, November 7, 2016 @ 03:11 PM gHale

Fourteen people are under arrest and facing charges of laundering more than £11 million ($13.6 million) stolen through the use of malware, UK law enforcement officials said.

The money was stolen after the victims were infected with the Dridex and Dyre malware, which collected their bank details and allowed the criminals to access their bank accounts.


The money in those accounts would be dispersed in smaller amounts to other bank accounts in the UK and in Eastern Europe.

The thirteen men and one woman were arrested last Wednesday in London, Daventry and West Bromwich. Some of them are foreign nationals.

“[They] are suspected to have laundered the criminal profits through hundreds of accounts at various UK banks, using false identity documents and ‘money mules’ recruited and controlled by the crime group,” said officials at the UK National Crime Agency (NCA).

During the arrests, officers seized cash, electronic devices (that will undergo forensic analysis), and multiple false identity documents.

“The malware utilized in this case hits small and medium sized businesses particularly hard,” said Mike Hulett, head of operations at the NCA’s National Cyber Crime Unit.

“Those responsible for writing, developing and deploying malware code also rely heavily on other organized criminals like money launderers, and their fraudulent proceeds can then be used to fund other criminality.”

UK law enforcement received help from Moldovan and Romanian authorities in this investigation, as well as the banking industry.

UK and U.S. law enforcement agencies disrupted the Dridex botnet in October last year, after the arrest of Andrei Ghincu, a Moldovan administrator of the botnet.

A month later, Russian authorities busted the group behind the Dyre banking malware.

The disruption of the Dridex botnet was only temporary, as the botnet has a number of subnets, each likely operated by a different team of attackers.

Those not arrested continued pumping out malicious spam and began delivering ransomware. In May, the subnet delivering the Locky malware was itself compromised.
