Five Arrested in Zeus, SpyEye Group Takedown

Authorities in six different countries worked together last week to take down a cybercrime ring which ultimately infected tens of thousands of computers with Zeus and SpyEye malware and made off with roughly $2.25 M dollars from banks in the process.

Authorities in six different countries worked together to take down a cybercrime ring which ultimately infected tens of thousands of computers with Zeus and SpyEye malware and made off with roughly $2.25 million from banks in the process.

Europol and Eurojust joined forces to take down the group, based largely in Ukraine, that was believed to have been developing and distributing Zeus and Spyeye banking malware.

“The cybercriminals used malware to attack online banking systems in Europe and beyond, adapting their sophisticated banking Trojans over time to defeat the security measures implemented by the banks,” Europol said in a press release published Thursday.

The action, carried out on June 18 and 19, resulted in the arrest of five suspects, stemming from eight house searches in four different Ukrainian cities. Europol clarified that the action was part of a lengthy investigation dating back to 2013 and that so far it’s tallied “significant operational successes” in Belgium, Estonia, Finland, Latvia, and the Netherlands, in addition to Ukraine.

The criminals targeted banking systems in Europe and used malware to harvest credentials and compromise bank account information, according to Europol.

“This was a very active criminal group that worked in countries across all continents, infecting tens of thousands of users’ computers with banking Trojans, and subsequently targeted many major banks.”

Zeus and SpyEye are some of the oldest banking Trojans still making the rounds. Countless iterations of the malware have existed since at least 2009, but neither seems to want to fade away completely.

One of SpyEye’s masterminds, Aleksandr Andreevich Panin pleaded guilty in January 2014 after he was caught flying through Atlanta in 2013 – but the malware has persisted and continues to be sold in underground marketplaces.

It’s the latest in a lengthy line of takedowns from Europol and JIT, a joint investigation team comprised of investigators and judicial authorities from Austria, Belgium, Finland, the Netherlands, Norway and the United Kingdom. This particular investigation was launched in 2013 and has totaled 60 arrests to date — 34 of which who were made as part of a ‘money mule’ sting carried out by Dutch authorities.

In April Europol worked alongside both the FBI, the DHS, and Dutch authorities to takedown Beebone, a collection of polymorphic bots that infected machines via removable drives.

Suggested articles

Discussion

07/16/18 7:00
Deceased patient data is being sold on the Dark Web: https://t.co/UMQkYI9qKk

Subscribe to our newsletter, Threatpost Today!

Get the latest breaking news delivered daily to your inbox.