SoylentNews is people

posted by janrinok on Saturday August 31 2019, @09:57PM
from the don't-mess-with-Russian-banks dept.

Arthur T Knackerbracket has found the following story:

Russian authorities have arrested members of the TipTop cybercrime group, believed to have infected more than 800,000 Android smartphones with malware since 2015.

The group operated by renting Android banking trojans from underground hacking forums, which they later hid inside Android apps distributed via search engine ads and third-party app stores.

TipTop has been active since 2015, and operators have been making between $1,500 and $10,500 in daily profits, according to Group-IB, the cyber-security firm who helped Russian authorities track down the gang's members. The group's favorite malware was the Hqwar (Agent.BID) banking trojan, which they rented and used in most of their campaigns.

Hqwar is capable of reading SMS messages, recording phone calls, and initiating USSD requests. However, its primary function is to show fake login screens on top of legitimate banking apps, and steal victims' login credentials. Group-IB said TipTop temporarily stopped distributing Hqwar in 2016, when they experimented with its competitors, such as Asacub (Honli), Cron, and CatsElite (MarsElite), but returned to it in 2017 when they used it alongside the Lokibot and modernized Marcher (Rahunok) trojans.

[...] In 2017, Kaspersky ranked Hqwar as the fourth most popular Android malware. A year later, Kaspersky cited Hqwar as one of the root causes in the sudden jump in the number of Android mobile banking trojans, together with Asacub.

[...] While official documents or statements don't mention anything about the suspect collaborating with authorities, officials from the Russian Ministry of Internal Affairs said they also made other arrests with the information gathered from this case, while other suspects are under investigation.


  • (Score: 0) by Anonymous Coward on Saturday August 31 2019, @11:52PM (2 children)

    by Anonymous Coward on Saturday August 31 2019, @11:52PM (#888348)

    I was just waiting for someone making bad Russians theme out of this...

  • (Score: 0) by Anonymous Coward on Sunday September 01 2019, @12:06AM

    by Anonymous Coward on Sunday September 01 2019, @12:06AM (#888350)

    Those poor, poor Russian victims!

    Why doesn't anyone think of the Russian victims?

  • (Score: 2) by JoeMerchant on Monday September 02 2019, @12:55AM

    by JoeMerchant (3937) on Monday September 02 2019, @12:55AM (#888678)

    Was thinking I should have said: 800,000 more phones, but, to give equal time, I'd bet however many infected phones the Russian authorities are spying on, the U.S. agencies have many more, foreign and domestic.

    --
    🌻🌻 [google.com]