
Russian Authorities Claim Capture of Mastermind Behind Carberp Banking Trojan

Russian authorities claim to have the mastermind behind the Carberp banking Trojan and other members of the criminal gang in custody.

The cybercrime ring, led by a 28-year-old Russian national, allegedly has been in operation since 2009 and has stolen approximately $250 million from Ukrainian and Russian banks, according to a report in Kommersant Ukraine, a national publication. The arrests Wednesday were the result of a joint operation by the Security Service of Ukraine and the Russian Federal Security Service. Several individuals have already been released on bail, while others remain under house arrest.

While the article doesn’t explicitly name Carberp as the banking Trojan developed by the ring, Aleks Gostev, a security researcher from Kaspersky Lab, voiced his confidence on Twitter that the group was behind the banking Trojan. “Carberp developers and mastermind were finally arrested in Ukraine,” Gostev posted to Twitter Wednesday.

“I know, coz fighting cybercrime is my job,” Gostev added.

The mastermind allegedly led a group of about 20 individuals ranging between 25 and 30 years of age, according to the Kommersant report. The members were living and working in Kiev, Zaporozhye, Lvov, Odessa, and Kherson prior to their arrest. Each member of the gang reportedly was responsible for only one part of the malware’s development. Each developer worked remotely and sent their work to a server in Odessa, and the gang leader assembled the pieces to create Carberp, Kommersant reported.

“Generally, they do not know each other, everyone is responsible for their part of the software development unit,” a source told Kommersant (Google Translate). Under Ukrainian law, the maximum prison sentence they will get is five years, Gostev noted on Twitter.

“Under the new Criminal Procedure Code, the economic crimes are not serious,” the SBU told Kommersant.

“The main objective of the operation carried out by the Security Service and the Federal Security Service was to slow down the malware’s development,” Andrey Komarov, head of international projects at Moscow-based Group-IB, told SecurityWeek. “Whether the arrests included the ringleader of the group has not yet been disclosed, nor is it known the exact roles the detained individuals played in the crime ring,” Komarov added.

The members who have Russian citizenship may be extradited and tried in Russia, Gostev said.

About a year ago, authorities arrested and broke up a gang that used Carberp to steal $2 million from over 90 individual bank accounts. That particular gang just used the malware and was not responsible for developing the Trojan, which anyone willing to pay the price can now buy outright or rent for a period of time.

Similar to other active banking Trojans, Carberp could intercept information which could be used to break into online banking accounts and transfer funds. Its mobile component allows criminals to steal mobile transaction authentication numbers (mTANs) sent by banks to authorize specific transactions. Carberp was constantly modified and updated to ensure it would evade antivirus detection.

The Ukrainian SBU seized computer equipment as part of the arrests and will be examining the digital files for evidence, according to the report.

Cyber-crime in Ukraine is growing, with 139 cases of account fraud totaling over $116 million, according to the country’s Interior Ministry. Authorities reclaimed 80 percent of the stolen funds within two hours, Kommersant reported.

Related: Eight Arrested in Moscow For Allegedly Stealing Millions Using Carberp Trojan
