Hackers who stole $45 million via Lurk Trojan arrested in Russia
Wed 1 Jun 2016

Security research group Kaspersky has assisted in the arrest of 50 people involved in stealing $45 million (3 billion roubles) from banks, assorted financial institutions and businesses across Russia using the Lurk Trojan.
On their website Kaspersky researchers cite the arrest as the largest of its kind that has ever taken place in Russia. The company first identified the Lurk-using criminals in 2011, observing attempts to infiltrate remote banking services to steal money from customer accounts.
Ruslan Stoyanov, Kaspersky’s Head of Computer Incidents Investigation, commented:
‘From the very start, Kaspersky Lab experts were involved in the law enforcement investigation into Lurk. We realized early on that Lurk was a group of Russian hackers that presented a serious threat to organizations and users. Lurk started attacking banks one-and-a-half years ago; before then its malicious program targeted various enterprise and consumer systems.’
Victims were affected merely by visiting infected sites, and many of the affected domains were ‘leading media and news sites’, though no details about these have been supplied. The as-yet unnamed hackers also infiltrated IT and telecoms companies in their quest to avoid detection for their network activities, also employing Virtual Private Networks (VPNs) to cloak their work and attempt to preserve anonymity.
The company’s report claims that during the arrests Russian police were able to block pending money transfers worth over $30 million (2,273 billion roubles).
The Lurk downloader Trojan uses steganography (embedding text-based information inside image files) to trigger infection, and has the relatively unusual characteristic of doing its work entirely in RAM rather than writing components to the target computer’s disk, where anti-virus software would be likely to scan them.
The hackers also employed Tor as part of their cloaking activities, and made use of compromised Wi-Fi networks as well.