Dutch Banking Malware Gang Busted: Bitcoin's Role
Dutch police arrest four men on charges of using TorRAT banking malware to steal an estimated $1.4 million from consumers. They allegedly laundered the funds using the cryptographic currency known as Bitcoin.
TorRAT is a remote-access Trojan (RAT), designed to steal online banking information, which receives command-and-control (C&C) instructions via the anonymizing Tor network. By using Tor, the botnet's operators can disguise the commands they send to infected PCs and hide the flow of stolen data being transmitted from infected PCs to attacker-controlled servers.
The Windows malware was distributed in part via hacked Twitter feeds, but largely via phishing attacks written in Dutch that targeted online banking users in the Netherlands. "Users fell victim to this threat by clicking fake invoices in specially crafted spammed messages," said Trend Micro senior threat researcher Feike Hacquebord in a blog post.
Police said the TorRAT gang coordinated their operations using Tor Mail -- which was designed to provide users with anonymous, private communications -- and ultimately stole funds from at least 150 Dutch bank accounts.
Stealing victims' money was the easy part. Actually converting it to cash was much more difficult, and a single mistake might leave clues that authorities could trace back to the gang members' real identities. "It is relatively straightforward to manipulate bank transactions on an infected computer. But you need mules for laundering stolen money," said Hacquebord. "The Dutch gang allegedly laundered money through Bitcoin transactions and even set up their own Bitcoin exchange service -- FBTC Exchange -- that went dark after the arrests."