Russian Authorities Crack Down on Mamont Android Banking Trojan
In a significant operation, Russian authorities have arrested three suspects in Saratov for developing the notorious Mamont Android banking trojan. This malicious software has been making headlines lately due to its sophisticated methods of infecting devices and siphoning off user funds.
The investigation was carried out by the fraud prevention department of PJSC Sberbank, which assisted in identifying the suspects. According to a statement released on Telegram by the Russian Ministry of Internal Affairs (MVD), the three residents are suspected of fraud and unauthorized access to computer information.
Preliminary findings suggest that Mamont was developed by these individuals, who distributed it through various channels under the guise of safe mobile applications and video files. Once a device was infected, the perpetrators could use SMS banking services to transfer money from victims' bank cards to mobile operator accounts and electronic wallets controlled by them.
The authorities have linked the three suspects to over 300 cybercrimes, and as part of the investigation, they seized servers, computers, storage devices, and even bank cards. The malware was found to spread via Telegram channels, disguising itself as legitimate mobile apps or video files.
How Mamont Malware Works
The malicious code allows scammers to exploit SMS banking services, routing stolen money to phone numbers and electronic wallets under their control. It can also steal banking credentials, push notifications, and other financial information.
Mamont malware is designed to be stealthy, spreading to contacts in the victim's messenger app and hiding behind fake online stores that lure victims into joining private Telegram chats. The scammers then send a fake tracking app, which is actually Mamont malware, to steal banking data.
The Scheme Behind Mamont
"The attackers claim to sell various products at fairly attractive prices via numerous websites," reads a report by Kaspersky. "To make a purchase, the victim is asked to join a private Telegram messenger chat, where instructions for placing an order are posted."
The Aftermath
Russian authorities have launched criminal cases under Articles 159.6 and 272 of the Criminal Code and have blocked resources linked to the scheme. The suspects face travel restrictions and legal conduct orders.
Law enforcement is continuing its investigation into all related crimes and accomplices, leaving a clear message that cybercrime will not be tolerated in Russia. As authorities crack down on Mamont, it's essential for users to remain vigilant and take steps to protect themselves from such threats.
Stay Safe Online
The recent bust of the Mamont Android banking trojan serves as a stark reminder of the dangers lurking online. To avoid falling victim to similar scams, it's crucial to stay informed and take proactive measures to safeguard your digital assets.