Criminal gang behind 1 million infected Android devices rolled up

The Russian authorities have rolled up a criminal gang that infected more than one million Android devices with banking malware to steal money from bank accounts. This was disclosed today by the Russian security company Group-IB.

The “Cron gang” first appeared on the radar in 2015. On forums for criminals, the gang offered the “Cron malware”, which posed as the chat app Viber and Google Play. Once active on a device, the malware tried to transfer money from the victim’s account to criminal accounts. In total, the criminals opened more than 6000 bank accounts, which was converted to 960,000 euros.

The Cron malware was able to send SMS messages to phone numbers specified by the criminals. The malware could also upload received text messages and hide the bank’s text messages. To spread the malware, SMS messages with malicious links and infected applications were used. In this way, more than 1 million Android devices were infected.

The Cron malware focused on popular Russian banks. The gang reportedly had plans, however, to attack banks in other countries, with France chosen as the first country. For example, “webinjects” were developed for several French banks.