A Russian resident in his early 20s is believed to be the leader of a tightly knit gang using banking Trojans and money mules to earn themselves millions of dollars.
The actions of this group have been followed for quite a while by Trend Micro researchers, who say that “Soldier” – as the young gang leader is known in the criminal underground – has managed to steal over $3.2 million in only 6 months, starting in January 2011.
To that effect, he uses a wide variety of malware: the SpyEye and ZeuS Trojans for stealing online banking and other credentials, and a number of exploit kits to install them on target computers.
The overwhelming majority of the infected computers are located in the US, where the money mules, recruited by an accomplice believed to reside in Hollywood, are also located.
The researchers have analyzed the IP addresses recorded by one of his SpyEye botnet’s C&C servers and have come to the conclusion that computers from various organizations and businesses were compromised, including those belonging to the US Government and military, educational and research institutions, airports, banks and other companies in a variety of economic sectors.
They believe that these organizations were not the gang’s main target. The gang was after easy money, gained either by stealing online banking credentials and accessing the victims’ accounts, or by selling other stolen login credentials, such as those for social networks, email, PayPal and similar services.
“Compromise on such a mass scale is not that unusual for criminals using toolkits like SpyEye, but the amounts stolen and the number of large organizations potentially impacted is cause for serious concern,” say the researchers, who are currently in the process of informing the owners of the enslaved machines about their findings.