Federal and state officials have busted an international cybercrime ring allegedly responsible for stealing millions of dollars from US bank accounts.
At least 37 individuals were charged with exploiting the nefarious Zeus Trojan to drain $3 million, while another 36 were accused of lifting $860,000 from dozens of unsuspecting people and corporations – including JPMorgan Chase.
”The Zeus Trojan [was used] to surreptitiously obtain personal information and hack into victims’ bank accounts. Cybercriminals then allegedly made unauthorized transfers to the bank accounts belonging to co-conspirators,” confirmedCNN’s Ben Rooney.
“The malware was typically sent as an ‘apparently-benign e-mail’ which embedded itself in the victims’ computers once it was opened…But it recorded keystrokes and allowed hackers to [lift] private account information, passwords and other vital security codes.”
Once the accounts were breached and funds withdrawn, the Trojan gang employed “mules” to transport the stolen funds overseas in a calculated effort to avoid detection.
“Using ‘money mules’ who are in the same country as the victims of identity theft is a way to reduce the chances of the banks’ internal fraud detection mechanisms from firing,” explained Sophos security expert Graham Cluley.
“If a US citizen suddenly withdraws money from an ATM in Latvia the bank will get suspicious but if they withdraw from an ATM in New York it will raise fewer questions.
“[Still], anyone who believes that this is the end of criminal gangs using ZBot to infect computers to steal money is sadly mistaken. The kit is still available for download from underground websites by anyone with an interest in cybercrime.”