Russian Authorities Claim Capture of Mastermind Behind Carberp Banking Trojan

Russian authorities claim to have the mastermind behind the Carberp banking Trojan and other members of the criminal gang in custody.


The cybercrime ring, led by a 28-year-old Russian national, allegedly has been in operation since 2009 and has stolen approximately $250 million from Ukrainian and Russian banks, according to a report in Kommersant Ukraine, a national publication. The arrests Wednesday were the result of a joint operation by the Security Service of Ukraine and the Russian Federal Security Service. Several individuals have already been released on bail, while others remain under house arrest.

While the article doesn’t explicitly name Carberp as the banking Trojan developed by the ring, Aleks Gostev, a security researcher from Kaspersky Lab, voiced his confidence on Twitter that the group was behind the banking Trojan. “Carberp developers and mastermind were finally arrested in Ukraine,” Gostev posted to Twitter Wednesday.

“I know, coz fighting cybercrime is my job,” Gostev added.

The mastermind allegedly led a group of about 20 individuals ranging between 25 and 30 years of age, according to the Kommersant report. The members were living and working in Kiev, Zaporozhye, Lvov, Odessa, and Kherson prior to their arrest. Each member of the gang reportedly was responsible for only one part of the malware’s development. Each developer worked remotely and sent their work to a server in Odessa, and the gang leader assembled the pieces to create Carberp, Kommersant reported.

“Generally, they do not know each other, everyone is responsible for their part of the software development unit,” a source told Kommersant (Google Translate). Under Ukrainian law, the maximum prison sentence they will get is five years, Gostev noted on Twitter.

“Under the new Criminal Procedure Code, the economic crimes are not serious,” the SBU told Kommersant.

“The main objective of the operation carried out by the Security Service and the Federal Security Service was to slow down the malware’s development,” Andrey Komarov, head of international projects at Moscow-based Group-IB, told SecurityWeek. “Whether the arrests included the ringleader of the group has not yet been disclosed, nor is it known the exact roles the detained individuals played in the crime ring,” Komarov added.

The members who have Russian citizenship may be extradited and tried in Russia, Gostev said.

About a year ago, authorities arrested and broke up a gang that used Carberp to steal $2 million from over 90 individual bank accounts. That particular gang just used the malware and was not responsible for developing the Trojan, which anyone willing to pay the price can now buy outright or rent for a period of time.

Similar to other active banking Trojans, Carberp could intercept information which could be used to break into online banking accounts and transfer funds. Its mobile component allows criminals to steal mobile transaction authentication numbers (mTANs) sent by banks to authorize specific transactions. Carberp was constantly modified and updated to ensure it would evade antivirus detection.

The Ukrainian SBU seized computer equipment as part of the arrests and will be examining the digital files for evidence, according to the report.

Cyber-crime in Ukraine is growing, with 139 cases of account fraud totaling over $116 million, according to the country’s Interior Ministry. Authorities reclaimed 80 percent of the stolen funds within two hours, Kommersant reported.

Related: Eight Arrested in Moscow For Allegedly Stealing Millions Using Carberp Trojan
