Police Uncover Hackers Who Stole Over 20 Million Rubles from Russian Bank Clients

Officers from the “K” Department of the Ministry of Internal Affairs in the Chuvash Republic have detained the organizers of a criminal group that stole money from Russian bank clients using the malicious software FakeToken. According to Bi.Zone, the group operated for more than five years, causing losses exceeding 20 million rubles.

During searches at the residence of one of the suspects, police discovered and seized network devices, communication equipment, and computer hardware containing clear evidence of the development and distribution of the Trojan-Banker.AndroidOS.FakeToken malware. Law enforcement also found SIM cards from various mobile operators and electronic correspondence in Telegram, confirming the suspect’s involvement in illegal activities.

How the Hackers Operated

Experts report that the criminals used the Trojan-Banker.AndroidOS.FakeToken malware to steal money from users of Android mobile devices. The program infected devices, intercepted SMS messages from banks, and sent them to the criminals’ server. It also collected bank card data. Using this information, the hackers transferred money from the victims’ mobile and bank accounts.

“In the past five months alone, the hacker group gained access to more than 5,000 phones and the data of at least 2,500 bank cards,” the company noted.

About the FakeToken Trojan

The FakeToken banking trojan has been known since 2016. It is capable of attacking over 2,000 financial applications, and around 16,000 users in 27 countries—including Russia, Ukraine, and Germany—have fallen victim to it.

Previous Convictions in Chuvashia

In 2017, two hackers in Chuvashia were convicted of distributing malicious software for financial gain. The criminals infected more than 1,100 devices with malware designed for covert remote control, allowing them to copy passwords and electronic payment details. The investigation found that a 30-year-old resident and his 28-year-old accomplice installed malware on devices to secretly manage infected systems and collect sensitive information. They intended to sell the stolen passwords and codes online but were apprehended before they could do so.