  • Russian Authorities Arrest Suspects Behind Mamont Banking Trojan

    Russian authorities have arrested three individuals suspected of developing the Mamont malware, a recently identified banking trojan targeting Android devices. The arrests were made in the Saratov region, with the identities of the suspects remaining undisclosed. A video released by the Russian Ministry of Internal Affairs (MVD) shows the arrested individuals in handcuffs being escorted by police officers.

    According to the MVD, the arrested suspects are linked to over 300 cybercrime incidents, and police seized computers, storage devices, communication tools, and bank cards. The Mamont malware is typically delivered through Telegram channels, disguised as legitimate mobile apps or video files.

    Once installed on a victim’s device, the malware enables criminals to transfer funds from the victim’s bank account via SMS banking services. The stolen money is directed to phone numbers and electronic wallets controlled by the culprits. Additionally, the malware can collect data about the infected device and exfiltrate messages regarding financial transactions to the attackers’ Telegram channel.

    In one scheme, Mamont scammers set up fake online stores with attractively priced products. After a victim places an order, the scammers send a malicious file disguised as an order tracker through a private Telegram channel, misleading the victim into installing it.

    In response to the escalating threat of SMS-based fraud, Russian lawmakers announced in February that they are drafting a bill to limit SMS sending during phone calls. Authorities noted that criminals frequently impersonate officers from law enforcement, the Russian postal service, hospitals, and other institutions to extract SMS codes from potential victims. Under the proposed legislation, SMS messages would be delivered only after a phone call has ended, potentially reducing the risk of such fraud.