The mastermind behind the Carberp Trojan and the developers that helped created it have apparently been arrested in Ukraine in a joint action by the Security Service of Ukraine (SBU) and the Russian Federal Security Service (FSB).
According to Kommersant Ukraine (via Google Translate), the leader of the group was a 28-year-old Russian citizen. The rest of the group – some 20 individuals all between 25 and 30 years old – were living, working and were finally arrested in Kiev, Zaporozhye, Lvov, Odessa and Kherson.
Each of them worked remotely, and were responsible for the development of one part of the malware. They would send their work to a server in Odessa, where the gang leader would apparently assemble the pieces into the final product. The malware was constantly worked on and changed to evade AV detection.
Carberp is a banking Trojan that steals information that can be subsequently used to break into individuals’ and businesses’ online banking accounts and bleed them dry. It also has a mobile component that allows criminals to steal mobile transaction authentication numbers (mTANs) sent by banks.
A little over a year ago a Russian gang that used the Trojan to steal over $2 million from the bank accounts of over 90 individuals has been dismantled. Late last year RSA commented that the team that developed the Trojan has begun to sell it and rent it to anyone who could afford it.
According to the Ukrainian news outlet, some of the arrested men have already been released on bail, while others are still under house arrest. If they are ultimately convicted by a court of law in Ukraine, the maximum prison sentence they can get is five years. Some of the arrested individuals have Russian citizenship, so they might be extradited and tried in their native country.