
Interior Ministry detained the authors of the banking trojan Lurk


The Ministry of Internal Affairs of the Russian Federation has carried out a series of detentions of the hackers responsible for creating the banking trojan Lurk, TASS reports. Earlier, in May 2016, other members of the group were detained; in total, from 2013 to 2016, they stole 1 billion rubles from the accounts of clients of Russian banks. According to Kommersant, more than 1.7 billion rubles were stolen from the accounts during the hackers' activity. The FSB took part in the operation to catch the criminals.

In total, the hacker group consisted of 50 people. The attackers lived in 17 different regions of the Russian Federation. In the course of their capture, the Interior Ministry had to conduct searches at 34 addresses throughout the country.

“By the beginning of 2017, other members of the organized group who were also involved in illegal activities were identified. In connection with the revealed facts, on January 25 of this year, nine citizens suspected of participating in hacker attacks were detained in five Russian regions. In respect of one of them, the court chose a preventive measure in the form of detention,” said the representative of the Ministry of Internal Affairs of Russia, Irina Volk.
In total, in the case of the Trojan Lurk, 27 organizers and participants of the group were brought to justice, 19 of them were imprisoned.

The banking trojan Lurk became widely known in 2016. According to one version, the trojan was spread through attacks on the official websites of banks or through phishing on specialized resources and financial forums visited by bank employees.

On the other hand, researchers from Kaspersky Lab found that the installer for the remote access tool Ammyy Admin, available for download on the manufacturer’s website, did not have a digital signature, that is, it had been replaced by attackers.

When the downloaded distribution was run, the executable file created and launched two more executable files: the installer of the utility and the trojan Trojan-Spy.Win32.Lurk. Representatives of the criminal group used a special algorithm for checking the identity of the infected computer on the corporate network. The check was done by a modified PHP script on the server of the Ammyy Group.

Thus, employees who are inattentive to the software they use and install and to the resources they visit are indirectly guilty of the theft of funds from the accounts of bank customers. According to the representative of the Ministry of Internal Affairs, the investigation into this case continues.

Source: https://habr.com/ru/post/401411/

