Hackers in Russia, after infecting over a million Android devices with malware to siphon money using fake banking apps, were planning a major attack on European bank customers. The group, known as ‘Cron’ after their malware, is in custody now.
The hacking group tricked Android users into downloading malware via fake mobile banking applications, as well as pornography and e-commerce apps. They then took control of the victims’ handsets remotely and sent SMS messages from the devices to banks, instructing the banks to send money to the hackers’ accounts.
The malware was so complex that it blocked any incoming messages or notifications from banks about the transactions made. Users would be completely unaware of the money transfers until they checked later.
Cyber security firm Group-IB, which investigated the attack with the Russian Interior Ministry, said the hackers had grand plans to attack big European banks including France’s Credit Agricole, BNP Paribas, and Societe Generale. In Russia they siphoned money from customers of Sberbank, Alfa Bank and online payments company Qiwi.
Google has tried to protect users from downloading malicious code by blocking apps that are insecure or engage in deceptive behaviours. But given that the OS is based on open-source code, hackers have repeatedly taken advantage of it and upgraded their malware to find ways to bypass such protections.
Security researchers, following the lethal WannaCry ransomware attacks, have warned Android users to be careful as the next wave of ransomware attacks could take place on the platform.