The author of the banking Trojan has been captured

On March 26, 2018, Europol announced the acquisition of the leader of Cybergang in Spain responsible for attacks on over 100 financial institutions around the world using the Carbanak and Cobalt malware. The cybercriminal group Carbanak was detected in 2015 by Kaspersky Lab in cooperation with Interpol, Europol and a number of other law enforcement agencies.

The event was commented by Sergey Golovigov, chief cybersecurity researcher, Global Research and Analysis Team (GReAT), Kaspersky Lab, involved in the analysis of the Carbanak organization:

The recent success of law enforcement agencies in the fight against the cybercriminal group Carbanak is great news for the entire industry. Once again, we see that the exchange of information between countries is a very important factor in the fight against advanced cybercrime.

Carbanak is an advanced cybercriminal campaign (APT), under which tools have been used to carry out attacks targeting financial institutions around the world. The main goal of the attackers was to steal money.

The group used elements of social engineering, such as phishing messages with infected attachments (eg Word documents with embedded malicious tools that exploit vulnerabilities) to attack employees of financial institutions. When the victim was infected, the attackers installed a backdoor designed for spying, data theft and remote management of the infected system. The group was primarily interested in systems servicing financial transactions.

At the time of detecting the Carbanak group, researchers from Kaspersky Lab estimated that the attackers had stolen even a billion dollars. Since 2013, the gang has attacked over one hundred banks, e-payment systems and other financial institutions in at least 30 countries in Europe, Asia, North and South America, as well as in other regions.

Taking into account the international scale of attacks by the Carbanak group, we believe that several dozen people were involved in the harmful activities. Traces detected in malicious files and victim computers suggest that the people behind this campaign fluently speak Russian.

Map of victims of banking trojan carbanak



Add new comment

The content of this field is kept private and will not be shown publicly.

Learn more about our offer

If you sell security solutions, are a distributor, authorized partner or developer and would like to share your portfolio with a group of potential customers, advertise an event, software, hardware or other services on AVLab - simply write to us. Or maybe you had to deal with ransomware? We can also help you decrypt your files.
Read more

We use Google Cloud Translation and Gengo API’s to translate articles with exception of our comparative tests.