Interior Ministry detains the authors of the Lurk banking trojan
The Ministry of Internal Affairs of the Russian Federation has carried out a series of arrests of hackers responsible for creating the Lurk banking trojan, TASS reports. Earlier, in May 2016, other members of the group were detained; in total, from 2013 to 2016, the group stole 1 billion rubles from the accounts of clients of Russian banks. According to Kommersant, more than 1.7 billion rubles were stolen from accounts over the period the hackers were active. The FSB took part in the operation to catch the criminals.
In total, the hacker group consisted of 50 people. The attackers lived in 17 different regions of the Russian Federation. In the course of their capture, the Ministry of Internal Affairs had to conduct searches at 34 addresses throughout the country.
“By the beginning of 2017, other members of the organized group who were also involved in illegal activities were identified. In connection with the revealed facts, on January 25 of this year, nine citizens suspected of participating in hacker attacks were detained in five Russian regions. In respect of one of them, the court chose a preventive measure in the form of detention,” said the representative of the Ministry of Internal Affairs of Russia, Irina Volk.
In total, 27 organizers and participants of the group were brought to justice in the Lurk trojan case; 19 of them were imprisoned.
The Lurk banking trojan became widely known in 2016. According to one version, the trojan was spread through attacks on the official websites of banks, or through phishing on specialized resources and financial forums visited by bank employees.
On the other hand, researchers from Kaspersky Lab found that the installation file for the Ammyy Admin remote access software, available for download on the manufacturer’s website, did not have a digital signature, that is, it had been replaced by attackers.
When the downloaded distribution was launched, the executable file created and launched two more executable files: the utility's installer and the Trojan-Spy.Win32.Lurk trojan. Members of the criminal group used a special algorithm to check the identity of the infected computer on the corporate network. The check was performed by a modified PHP script on the Ammyy Group server.
Thus, employees who were not attentive enough when installing and using software and visiting resources bear the blame for the theft of funds from bank customers' accounts. According to the representative of the Ministry of Internal Affairs, the investigation into this case continues.