When you read about hundreds of thousands of viruses that appear each day, you may wonder, who puts so much effort in development of this malware and why. The answer is simple ― they are criminals and they do it because it is very, very profitable. Our researchers have discovered an Internet server being used for controlling the attack targeted at users of a large European bank. Log files from this server show that in just one week criminals stole more than 500,000 Euros from a bank’s clients and transferred these funds to accounts, controlled by thieves.
500,000 Euros were stolen in one week from clients of just one bank using a Trojan.
Tweet
In the 20th century, a robbery of this scale would have required some cars, firearms, and a handful of very brave people, because this “business” is very risky. In the 21st century, the robbery involved a banking Trojan, some servers to spread it and control a Trojan when it altered peoples’ money transfers, plus a bunch of not so brave people called “mules” or “drops”, who actually received the stolen funds into their accounts and cashed out.
Controlling “mules” is actually the trickiest part of the operation, that’s why modern robberies are still conducted by organized criminal gangs. This specific heist, which we called Luuuk, involved some clever tricks to control money mules. You can dig deeper in the dedicated Securelist blogpost.
It is worth noting, that Kaspersky Internet Security and Kaspersky PURE include the technology called Safe Money that combines multiple protection measures to counteract most banking Trojans and prevent the aforementioned kind of theft from end users.