Russian police have nabbed eight men suspected of running the multimillion-dollar Carberp phishing gang, which deployed its namesake Trojan to trick victims into handing over millions of dollars over the past two years.
Operating out of a "comfortable working environment" in Russia, the suspected cybercriminals siphoned money from victims' bank accounts by infecting social networking sites, online stores and news sites with the Carberp Trojan and creating fake online payment pages, the security firm Group-IB wrote in its statement today.
Criminal cases of larceny, creation and distribution of malicious software and unauthorized access to computer information have been opened for the eight suspected crooks. Group-IB said that in the last fiscal quarter alone, the Carberp phishing gang netted about $4.4 million from clients of more than 100 banking institutions worldwide.
The Carberp Trojan came into play in 2010 and was often found lurking on Facebook; users who had the misfortune of encountering the Trojan were redirected to a compromised Web page that exactly mimicked a legitimate Facebook page, except that it informed them their account was "locked."
The Trojanized page promised to unlock victims' accounts in exchange for their name, email address, birth date, Facebook password and — as a way to ensure they made some money off the scam — a $25 fee.
The investigation, a joint effort between the Federal Security Service, the Ministry of the Interior of Russia and Group-IB, is the culmination of more than two years of work. Group-IB said the enforcement team, "for the first time in international practice," was able to establish the entire chain of command, from the head of the group and the botnet owner down to those conducting the fraudulent banking transactions and cashing the stolen funds.