The men were arrested after a joint investigation by the Russian Ministry of Internal Affairs (MVD) and Federal Security Service (FSB). According to the MVD, the investigation found that two brothers were the ringleaders of the gang, and developed a plan to steal money from the accounts of online banking customers.
Estimates on how much the gang stole vary. The MVD said the gang is suspected of stealing as much as 60 million rubles (roughly $2 million), but an estimate from Russian security firm Group-IB put the amount at more than twice that in the last quarter.
The gang used the Carberp and RDP-door Trojans to snare victims. Carberp is a well-known Trojan that was recently seen on Facebook as part of a scam where attackers notify Facebook users that their accounts are temporarily locked. All they had to do to get them back was provide their first and last names, email addresses, dates of birth, passwords, and a 20-euro Ukash voucher.
In this case, the goal was the victim's banking information. Once a victim's computer was infected, the attackers harvested the online banking credentials stored or entered on it. With the credentials in hand, the gang sent orders to transfer funds from client bank accounts to accounts under their control, and then made off with the money, the ministry said.
Police investigators were assisted in the case by Group-IB, which noted that the gang hacked popular websites -- including media sites and online stores -- and infected them with malware in order to hit Web surfers with drive-by downloads. According to the firm, the stolen funds were cashed via bank cards, and the gang even went so far as to open an office under the guise of a data recovery company.
"Our experts did an enormous amount of work, which resulted in identifying the head of this criminal group, the owner and operator of a specialized banking botnet, identifying the control servers, and identifying the directing of traffic from popular websites in order to spread malware infection," Group-IB CEO Ilya Sachkov said in a statement.
In addition to bank fraud, the gang was also involved in distributed denial-of-service attacks, the security firm found.