Nazi Eagle

Malware author arrested in Russia

In 2014, an estimated 350,000 Android devices were infected by a particularly nasty strain of malware known as Svpeng. Recently it was announced that the Russians had arrested the 25-year-old author and detained 4 of his suspected accomplices. The gang were said to be particularly fond of Nazi war symbols and memorabilia, leading to the "Nazi Zombie" virus infection tag.

This infection is serious because the gang is estimated to have stolen around $1 million to date, with over 90 percent of attacks targeting the US and the UK.

Svpeng adapts its technique

Utilising a worryingly advanced level of sophistication, the malware adapts itself over time. Originally it would pop up a window asking for credit card details when users went to Google Play, which is something every app user does all the time. Then it changed into a form of ransomware which threw up a fake but convincing FBI penalty notice demanding payment.

Distributed via SMS

The attack vector is an SMS pretending to provide a link to update Adobe Flash, but which in fact carries the malware as its payload. The name "Svpeng" is from "The Fifth Reich", and the gang termed itself "The Fascists". The team was caught as a result of the Russian authorities working undercover with them.


Group-IB Explains:

13th of April, 2015, Moscow - Administration “K” of the Ministry of Internal Affairs of Russia, with the help of Group-IB and Sberbank security service, has detained Russian accomplices of a group of cybercriminals. Fraudsters organized malware attacks on Android-operated mobile devices of Russian banks’ customers.

They used a Trojan that was requesting the account balance of the credit card tied to the mobile device, hiding incoming SMS notifications and making payments to the accounts of fraudsters.