Busted in Ukraine: Trojan Developers

Thursday, April 4, 2013 @ 04:04 PM gHale

The leaders behind the Carberp Trojan and other developers who helped create it are under arrest in Ukraine following a joint investigation by the Security Service of Ukraine (SBU) and the Russian Federal Security Service (FSB).

In a major operation, police busted what they said were the gang’s ringleaders, two Moscow-based brothers in their late 20s, one of whom was also a suspect in a real estate fraud case.

Six accomplices of the pair were also under arrest.

“Our experts did an enormous amount of work, which resulted in identifying the head of this criminal group, the owner and operator of a specialized banking botnet, identifying the control servers, and identifying the directing of traffic from popular websites in order to spread malware infection,” said Ilya Sachkov, chief executive of Group-IB, a security firm that helped investigate the gang’s attacks.

The rest of the group — 20 people all between 25 and 30 years old — were living, working and arrested in Kiev, Zaporozhye, Lvov, Odessa and Kherson, police said.

Each of them worked remotely and was responsible for the development of one part of the malware, officials said. They would send their work to a server in Odessa, where the gang leader would apparently assemble the pieces into the final product. Developers constantly worked on and changed the malware to evade AV detection.

Carberp is a banking Trojan that steals information that attackers can subsequently use to break into individuals’ and businesses’ online banking accounts. It also has a mobile component that allows criminals to steal mobile transaction authentication numbers sent by banks.

A little over a year ago a Russian gang used the Trojan to steal over $2 million from the bank accounts of over 90 individuals. That criminal ring ended up dismantled. Late last year RSA officials said the team that developed the Trojan had begun to sell it and rent it to anyone who could afford it.

According to the Ukrainian news outlet, some of the arrested men are already out on bail, while others are still under house arrest. If they end up convicted in a Ukrainian court, the maximum prison sentence they can get is five years. Some of the arrested individuals have Russian citizenship, so they may end up extradited and tried in their native country.
