Security Market Segment LS
Wednesday, 28 March 2018 10:39

Spain arrests leader of gang that used malware to steal money


The leader of a group that used malware to steal money from more than 100 financial institutions over nearly five years has been arrested in Spain.

A statement from Europol said the unnamed man was held in Alicante after an investigation carried out by the Spanish National Police with help from the FBI, authorities from Moldova, Romania, Belarussia and Taiwan, and a number of private security companies.

The gang was behind malware known as Carbanak and Cobalt and had caused banks in more than 40 countries to suffer losses of more than €1 billion.

The malware was capable of facilitating the theft of large sums, with Cobalt allowing thefts of up to €10 million at a time.

The gang started operating in late 2013 with malware known as Anunak that targeted financial transfers and ATM networks. Anunak was developed into a more sophisticated version which came to be known as Carbanak and used until 2016.

Europol said all the attacks used a similar modus operandi. "The criminals would send out to bank employees spear phishing emails with a malicious attachment impersonating legitimate companies.

"Once downloaded, the malicious software allowed the criminals to remotely control the victims’ infected machines, giving them access to the internal banking network and infecting the servers controlling the ATMs. This provided them with the knowledge they needed to cash out the money."

The money was then cashed out in one of the following ways:

  • ATMs were instructed remotely to dispense cash at a pre-determined time, with the money being collected by organised crime groups supporting the main crime syndicate: when the payment was due, one of the gang members was waiting beside the machine to collect the money being "voluntarily" spat out by the ATM;
  • The e-payment network was used to transfer money out of the organisation and into criminal accounts; and
  • Databases with account information were modified so bank accounts balance would be inflated, with money mules then being used to collect the money.

The European Banking Federation co-operated with Europol in bringing about the arrest.

EBF chief executive Wim Mijs said: "This is the first time that the EBF has actively co-operated with Europol on a specific investigation.

"It clearly goes beyond raising awareness on cyber security and demonstrates the value of our partnership with the cyber crime specialists at Europol.

"Public-private co-operation is essential when it comes to effectively fighting digital cross border crimes like the one that we are seeing here with the Carbanak gang."

Steven Wilson, head of Europol’s European Cyber Crime Centre, said: "This global operation is a significant success for international police cooperation against a top level cyber criminal organisation.

"The arrest of the key figure in this crime group illustrates that cyber criminals can no longer hide behind perceived international anonymity."



You cannot afford to miss this Dell Webinar.

With Windows 7 support ending 14th January 2020, its time to start looking at your options.

This can have significant impacts on your organisation but also presents organisations with an opportunity to fundamentally rethink the way users work.

The Details

When: Thursday, September 26, 2019
Presenter: Dell Technologies
Location: Your Computer


QLD, VIC, NSW, ACT & TAS: 11:00 am
SA, NT: 10:30 am
WA: 9:00 am NZ: 1:00 pm

Register and find out all the details you need to know below.



iTWire can help you promote your company, services, and products.


Advertise on the iTWire News Site / Website

Advertise in the iTWire UPDATE / Newsletter

Promote your message via iTWire Sponsored Content/News

Guest Opinion for Home Page exposure

Contact Andrew on 0412 390 000 or email [email protected]


Sam Varghese

website statistics

Sam Varghese has been writing for iTWire since 2006, a year after the site came into existence. For nearly a decade thereafter, he wrote mostly about free and open source software, based on his own use of this genre of software. Since May 2016, he has been writing across many areas of technology. He has been a journalist for nearly 40 years in India (Indian Express and Deccan Herald), the UAE (Khaleej Times) and Australia (Daily Commercial News (now defunct) and The Age). His personal blog is titled Irregular Expression.



Recent Comments