Cron

Description

(The Hacker News) Group-IB first learned of the Cron malware gang in March 2015, when the criminal gang was distributing the Cron Bot malware disguised as Viber and Google Play apps.

The Cron malware gang abused the popularity of SMS-banking services and distributed the malware onto victims’ Android devices by setting up apps designed to mimic banks’ official apps.

The gang even inserted the malware into fake mobile apps for popular pornography websites, such as PornHub.

After targeting customers of the Bank in Russia, where they were living in, the Cron gang planned to expand its operation by targeting customers of banks in various countries, including the US, the UK, Germany, France, Turkey, Singapore, and Australia.

In June 2016, the gang rented a piece of malware called ‘Tiny.z’ for $2,000 per month, designed to attack customers of Russian banks as well as international banks in Britain, Germany, France, the United States and Turkey, among other countries.

Names

Name	Name-Giver
Cron	Group-IB

Country

• Russia

Motivation

• Financial crime

First Seen

2015

Observed Sectors

• Financial

Observed Countries

• Australia
• France
• Germany
• Russia
• Singapore
• Turkey
• UK
• USA

Tools

• Catelites Bot
• CronBot
• TinyZBot

Operations

• 2017-12: New malware targets accounts at over 2,200 financial institutions https://blog.avast.com/new-version-of-mobile-malware-catelites-possibly-linked-to-cron-cyber-gang

Counter Operations

• 2017-05: The Russian Interior Ministry announced on Monday the arrest of 20 individuals from a major cybercriminal gang that had stolen nearly $900,000 from bank accounts after infecting over one million Android smartphones with a mobile Trojan called ‘CronBot.’ https://thehackernews.com/2017/05/cron-mobile-banking-malware.html

Information

• https://thehackernews.com/2017/05/cron-mobile-banking-malware.html
• http://blog.group-ib.com/cron

Other Information

Uuid

f7dde02d-7652-4c04-8782-cf56b07b667a

Last Card Change

2020-05-22