The Stack Archive

Russians arrest Nazi malware thieves

Fri 17 Apr 2015

Russian authorities have arrested five cybercriminals allegedly behind the Nazi-promulgating Android malware Svpeng, which hacked over 350,000 Google devices, stealing credit card details and demanding ransom payments.

According to a Forbes report this week, Russia’s Ministry of Internal Affairs said that it had caught five members of the cybercrime group on March 24th, including the suspected malware creator. The hacking campaign reportedly stole over $930,000 (approx. £620,000) from Russian civilians. Although Russia’s largest national bank Sberbank was the main target for the attack, Android users in the U.S., UK and Europe were also affected.

The Ministry did not reveal the names of the criminals but did confirm that they had received confessions from all five. “Work is underway to establish the involvement of these persons to dozens of similar offenses,” a Ministry official said in a statement.

The Svpeng malware strain combined theft of payment card data and ransomware to infect Android smartphones. Text messages offering Adobe Flash Player downloads were sent to target devices and once downloaded the malware programmed a Google Play pop-up requesting the user’s payment details before they could gain access to the app.

A later version, which targeted U.S. and UK users, locked the device and displayed a fake message from the FBI demanding $200 be paid as a ‘fine’ for viewing pornographic content. It was also discovered that the ransomware scanned banking apps such as those offered by Citi, Bank of America and American Express but as far as research suggests this information was not used by the Svpeng gang.

Fans of Nazi iconography, the group decorated the malware with swastikas and named its control software ‘The Fifth Reich.’

According to the Forbes report, the Moscow-based security firm Group-IB was hired by Sberbank in 2013 to investigate the Svpeng case. The company was able to uncover the hackers’ nicknames in private forums and befriend the ransomware’s creator, working with him undercover for a year, said Group-IB cybercrime investigation lead Dmitry Volkov.


cybercrime hacking malware news Russia
Send us a correction about this article Send us a news tip