Suspects Behind Nazi-loving Android Malware Arrested in Russia

Suspected ‘Nazi’ Android FBI Ransomware Architect Detained In Russia – A Nazi-themed malware control panel was used by the Svpeng cybercriminal gang.

It has been announced by Russia’s Ministry of Internal Affairs that a 25-year-old, who was suspected to be the mastermind behind the harmful strain of Android money-stealing malware called Svpeng, has been arrested. Svpeng managed to infect around 350,000 Google devices in 2014.

Four other individuals who allegedly are running a cybercrime gang and appear to be fond of Nazi iconography have also been arrested.

The Svpeng cybercriminal gang used a Nazi-themed malware control panel
 A Nazi-themed malware control panel The Svpeng gang.

This particular campaign disturbed Russian police greatly as it robbed at least 50million rubles ($930,000) from innocent citizens and the country’s largest bank Sberbank picked up on attacks in 2013 prior to becoming an ally in the investigation. However, in the US, UK and Europe, Android users were also attacked by Svpeng.

In June 2014, Kapersky had warned that Svpeng is continuously diverting its focus from Russia and notified that around 91% of the attacks were launched against the English-speaking users primarily in the UK and US.

This malware is undoubtedly the most sophisticated and effective type of money-stealing Android malware because it utilizes numerous techniques to obtain banking credentials.

Initially, it was aimed at stealing funds from victims simply by showing a new window each time a target ran Google Play, requesting users to type credit card number again and again and this info was later transmitted to the hacker’s servers. Later on, for targeting westerners, Svpeng spread FBI penalty notification letters across targeted screen while web browsing was being performed.

The letters claimed that the user was caught surfing through illegal pornographic material and hackers demanded $200 in Green Dot’s MoneyPak cards, which was a form of attack that now is known as ransomware. The attack would block all sort of access point to the device making it fully unusable, according to Forbes.

For distribution of this malware, a fake link of Adobe Flash Player was sent via SMS texts. The link would allow downloading of the Trojan and scan for particular American banking apps such as those of Wells Fargo, Citi Amex, Chase and Bank of America but there is no proof about the purpose of the app after performing scanning.

Although the suspects were arrested on March 24 but the news has been revealed on this weekend. All the alleged suspects were arrested from the Chelyabinsk region. The names of those arrested are not revealed yet but the Russian Internal Affairs Ministry has informed on its website that the five detained suspects have confessed. It was announced by the body that “work is underway to establish the involvement of these persons to dozens of similar offenses.”

According to a Russian Intelligence firm Group-IB, the hackers used Nazi iconography for naming their controls of Svpeng such as the crew was dubbed as “the Fascists” and Svpeng control was called “The Fifth Reich.”


Waqas

Waqas Amir is a Milan-based cybersecurity journalist with a passion for covering latest happenings in cyber security and tech world. In addition to being the founder of this website, Waqas is also into gaming, reading and investigative journalism.