Russian cybercrime group stole 800,000 bank account credentials

Wednesday 8 October 2014 10:40 CET | News

A Russian-speaking cybercriminal group has started a campaign that stole login credentials for hundreds of thousands of online bank accounts.

A recent report by Proofpoint indicates that a large number of WordPress websites had been compromised to perform drive-by downloads of Qbot, also known as Qakbot, a malicious software program.

Proofpoint analyzed the malware and found an unprotected control panel on a server used by the gang to control the infected computers. The control panel yielded a wealth of information about the malware campaign, which Proofpoint said collected 800,000 credentials for online bank accounts, many of which were at five US banks and some Europe-based financial institutions.

52% of the compromised computers were running Windows XP, and most of those computers were running Internet Explorer. Qbot uses a technique called browser “hooking” to steal banking credentials.

In addition to stealing online banking credentials, the attackers also appear to be making money from the hacked computers in other ways. The Qbot malware also has a module called “SocksFabric” for a tunneling network. That network can be rented to other cybercriminals who can use the hacked computers as proxies to shuffle their own data around or mask their activity.

Keywords: Russia, cybercrime group, bank account credentials, Qakbot, malicious software, online security, digital identity
Categories: Fraud & Financial Crime
Countries: World