Android Malware Used To Hack Russian Customers Was Slated For Global Attacks

Bank heist

Russian cybercriminals pulled off a small mobile banking heist on their own countrymen with malware for Android mobile devices. By cybercrime standards it was a fairly small take — about 50 million roubles ($892,000) — but all evidence suggests that the domestic efforts were something of a practice round for wider hits in greater Europe.

According to reports in Reuters, the hackers had leveled up their malware software and were looking to go after French banks’ clients, among others.

The malware was delivered to Russian banking customers via fake mobile banking apps — or via pornography or eCommerce programs.

All in all, 16 suspects were arrested by Russian law enforcement last November and accused of infecting more than a million smartphones in Russia, a rate of about 3,500 devices a day. Targeted specifically were customers of state lender Sberbank, customers of Alfa Bank and customers of online payments company Qiwi.

French banks being potentially targeted were Credit Agricole, BNP Paribas  and Societe Generale.

A BNP Paribas spokeswoman was unable to confirm or deny this information, but added that the bank “has a significant set of measures in place aimed at fighting cyber attacks on a daily basis.”

Societe Generale and Credit Agricole declined comment.

The gang, which was called “Cron” after the malware it used, did not steal any funds from customers of the three French banks. Its MO was exploiting bank services that allow users to SMS text other users small sums of money.

“It’s becoming popular among developing nations or in the countryside where access to conventional banking is difficult for people,” he said. “For them it is quick, easy and they don’t need to visit a bank… But security always has to outweigh consumer convenience,” noted  said Lukas Stefanko, a malware researcher at cyber security firm ESET in Slovakia.