Anyone who’s ever forgotten to pay a bill will empathize with the recent victims of an Internet-based bank-robbing scheme operating out of Slovenia.
The Slovenian national Computer Emergency Response Team, SI-CERT, reported Saturday (March 23) that five Slovenian citizens had been arrested in connection with a series of malware attacks that led to 2 million euros ($2.6 million) being stolen from the accounts of several small and medium-size businesses.
The cybercriminals allegedly sent spoofed emails made to look like late-payment warnings from local banks and, in one case, a state tax authority.
Attached to the fear-inducing emails were Trojans that, once downloaded, installed a remote administration toolkit (RAT) on the victims' PCs.
The RAT enabled the alleged criminals to monitor the activities of the businesses' accounting departments, eventually gleaning the necessary credentials to break into a company’s bank account.
In parts of Europe, banks require online-account holders to verify their identities by inserting a bank-issued smartcard into a reader attached to their PCs.
So whenever a business employee targeted by the gang forgot to remove the smartcard from its reader after use, the company bank accounts were simply sitting ducks for the cybercriminals.
The thieves typically waited until a Friday or the day before a national holiday to move money out of the rightful owners' accounts into dummy accounts set up to receive the stolen money, according to SI-CERT.
This allowed the criminal activity to go unnoticed for several days before being brought to the attention of business and bank personnel.
The malware doesn't sound like a typical banking Trojan, a more sophisticated kind of program that automates much of what these alleged criminals did manually, such as grabbing login credentials and emptying accounts. But the end result was the same.
In an attempt to turn the stolen money in the dummy accounts into cash, the criminals also concocted a fraudulent British insurance company as part of a work-at-home scam employing 25 unsuspecting money mules.
The mules successfully transferred approximately 2 million euros before police apprehended those thought to be responsible for the scheme.
The recent arrests are the result of an investigation that began in mid-2012, when SI-CERT started to receive reports from businesses about the malware-packed email scheme.