The criminal tricked Russian bank customers into downloading a malicious mobile app called, “Banks at your fingertips,” which claimed to be an aggregator of the country’s leading mobile banking systems. It promised users ‘one-click’ access to all bank accounts to view balances, transfer money between accounts, and pay for online services. The app, first discovered in 2016, was distributed through spam emails.
“The approach was rather basic: bank customers downloaded the fake mobile app and entered their account details. The victim then transferred around $200-500 at a time to previously activated bank accounts, and bypassed SMS confirmation codes,” Group IB said in a statement.
Victims were not aware of the transactions because all SMS confirmations were blocked. Police identified a member of the criminal group responsible for transferring money from user accounts to hacker accounts.
When the suspect was arrested in May, authorities identified SIM cards and fraudulent bank accounts to which the stolen funds had been transferred. The hacker confessed to the crime, but the investigation continues, Group IB said. The 32-year-old unemployed Russian citizen had previous convictions connected to arms trafficking.
If using any of Russia Beyond's content, partly or in full, always provide an active hyperlink to the original material.