Six more members of the Carberp gang have been arrested, according reports from the Russian Interior Ministry.

Working with the firm Group-IB, authorities arrested six individuals affiliated with the Carberp and Hodprot malware. The group is alleged to have been responsible for thefts from clients of Sberbank and other banks totaling more than 123 million rubles ($3.67 million).The arrests follow a similar crack down by Russian agencies in March.

According to the Ministry of the Interior (MOI), the hackers used servers in the Netherlands, the United States, and Germany to log the IP addresses of the banks, along with log-in names, passwords and electronic keys of users.

Banks were sent fake money orders from users and the stolen money was later transferred to bank cards and cashed via ATMs, according to a supplementary statement from the Ministry of the Interior of Russian Federation.

The scammers initially went under the name Hodprot, taking their name from the strain of malware they used to target Russians before moving onto Carberp. Much like Hodprot, the Carberp Trojan flourished in Russia, stealing scores of users’ banking credentials last year.

The arrest is the second in the last few months involving Carberp. In March, Group-IB and two Russian federal agencies arrested eight individuals allegedly involved with the scam were apprehended.

Despite the arrest, Kaspersky Lab’s Vyacheslav Zakorzhevsky recently pointed out that the end of Carberp wasn’t near. Zakorzhevsky described in a blog entry how the Trojan’s creators were continuing to sell the malware, some even openly on cybercriminal forums.

Categories: Government, Malware, Web Security