A group of cyber criminals was able to steal more than €550,000 (£441,000) from an unnamed European bank at the turn of the year using “mysterious malware”, with all victims in Italy and Turkey, researchers have said.
The Luuuk malware wasn’t actually analysed by Kaspersky Lab researchers, but they did find a log used by the cyber criminals over a week.
The researchers subsequently contacted the bank and law enforcement. An investigation is now underway.
Between €1,700 and €39,000 were stolen from 190 different accounts, with far more victims in Italy than in Turkey.
Tanase said the malware was “very mysterious” but appeared to be a man-in-the-browser type malware. He couldn’t rule out the malware being a variant on an older kind of MITB malware, such as Zeus.
“On the C&C server we detected there was no information as to which specific malware program was used in this campaign. However, many existing Zeus variations (Citadel, SpyEye, IceIX, etc.) have that necessary capability. We believe the malware used in this campaign could be a Zeus flavour using sophisticated web injects on the victims,” added Vicente Diaz, principal security researcher at Kaspersky Lab.
“This was a hit and run operation,” Tanase added. He believes four groups of money mules were used in the operation: stolen funds were sent from hacked bank accounts to the mules’ specially created accounts, and the mules then withdrew the money from ATMs and passed it on to the operation’s overlords.
“Most of the time [the criminals in charge] can pick who they like, like a homeless person, and ask them to get a credit card,” Tanase added. “But usually the ones who get caught are the ones at the bottom of the pyramid.”
It appeared the different money mule groups were used to lower the risk of being caught. They were given different limits on how much they could collect, indicating some were more trustworthy than others.
Just two days after Kaspersky found the server, the criminals scarpered and deleted every shred of evidence that might have been used to identify them, the security firm said.