Two members of a Russian cybercrime gang have been arrested for withdrawing money from people's bank accounts by infecting their Android smartphones with malware in what is thought to be the first incident of its kind in the country.
Detailed in a blog post by computer forensics company Group-IB, the botnet duo from Arkhangelsk, aged 24 and 25, began mass mailing MMS messages from "RomanticVK" or "VK_Gift" with the promise of a "romantic gift" at the end of 2013.
Those who clicked a link embedded in the message saw a virus was downloaded to their smartphone, which charged the mobile phone account from a bank accounted linked to that number.
The messages were initially detected and blocked following cooperation from the security division of Russian bank Sberbank, Group-IB and mobile operators. However, a criminal investigation was launched when a stronger strain of mlaware was developed and began affecting users shortly after. The duo was then arrested after Group-IB assisted the Directorate K of the Russian Miniistry of Internal Affairs.
Liya Sachkov, CEO at Group-IB, said: "At a request by Sberbank, Group-IB provided support to the investigations in all the stages. Our security incident response center CERT-GIB closely monitored and promptly blocked new malicious resources. Computer hardware seized from the criminals during the arrest was sent to Group-IB's forensic lab for investigation and additional evidence."