
FBI: Cybercrime Gang Stole $1.2 Million via Bank Malware

Prosecutors Announce Guilty Plea as Part of Ongoing Investigation

Using malware to infect individuals' PCs and drain their bank accounts continues to be a lucrative source of income for criminals, but such cybercrime has never been a risk-free undertaking.


The latest example of the potential profits and pitfalls from participating in a banking Trojan attack campaign comes via Vyacheslav Khaimov, 55, who pleaded guilty Feb. 3 before U.S. Senior District Judge Edward R. Korman to running an unlicensed money-transmitting business tied to the theft of $1.2 million from at least 30 victims, according to the U.S. Department of Justice.

Federal prosecutors accused Brooklyn, N.Y.-based Khaimov of participating in a global cybercrime ring that had attempted to steal $6 million, and which involves at least four other suspects - none of whom have been publicly identified - according to court documents filed July 12, 2016. The documents were unsealed the following month after Khaimov had been arrested.

"This is an ongoing investigation conducted by the FBI's Cyber Task Force. We will continue to investigate all co-conspirators and bring them to justice," William F. Sweeney Jr., the FBI's assistant director in charge of its New York field office, says in a statement.

The FBI says the cybercrime campaign in which Khaimov participated would take control of victims' bank accounts using malware, then wire the funds to a network of individuals based in the United States, who then moved some of the money into overseas accounts.

Khaimov has been tied to 20 wire transfers from victims' accounts, according to the Department of Justice, which says he received $230,000 between July 2015 and May 2016. Prosecutors said Khaimov held accounts registered both in his own name and in the name of a business called Global Universal.

Khaimov had been charged with bank fraud, wire fraud, conspiracy to commit both types of fraud, money laundering as well as conspiracy to commit money laundering.

But he appears to have pleaded guilty to the single, lesser offense of running an unlicensed money-transmitting business. That offense carries a penalty of a fine as well as up to five years in prison.

Khaimov's attorney couldn't be immediately reached for comment.

Tapping Money Mules

Prosecutors didn't disclose the type of malware employed by the gang. But they said the operation relied on more than 20 money mules.

"Mules are typically unsuspecting individuals who believe they are working for a legitimate 'work from home' business," according to a related complaint and affidavit submitted to the court by FBI Special Agent George Schultzel. "As part of their 'employment,' the mules are instructed, typically via email, to open a bank account and receive the funds that have been removed from victims' bank accounts. The mule is then provided further instructions as to where to send the money she/he has received."

In this case, the FBI says, individuals were recruited by an individual named "Samuel Gold," who communicated via phone and email. "None of these individuals had ever met Samuel Gold," Schultzel wrote. But emails received by the money mules repeatedly instructed them to send cashier's checks - for amounts up to $26,600 each - to a Brooklyn-based sporting goods store called G&P Sports World, where Khaimov worked as a manager, according to the FBI.

It's not clear whether Khaimov, or his alleged co-conspirators, were behind the Samuel Gold moniker.

Modern Day Bank Robbery

The attraction of using banking Trojans for criminal gangs is easy to see: They can steal money while not putting themselves at physical risk during the theft, then make it harder for investigators to "follow the money" by laundering it via intermediaries.

The FBI says that stolen funds were often sent to U.S. bank accounts registered in the name of businesses called "Reality Management Corp" and "First California Escrow," after which the money would be moved into overseas accounts, for example in Thailand. One of the suspects in the case - referred to in court documents only as co-conspirator 2, or "CC-2" - had opened 14 bank accounts at 11 different banks in three different countries, according to the FBI.

"Modern-day bank robbers no longer need a gunman and a getaway driver," the FBI's Sweeney says. "Today, they just need a malware operator and money mules to carry out their crime from anywhere in the world."

About the Author

Mathew J. Schwartz


Executive Editor, DataBreachToday & Europe, ISMG

Schwartz is an award-winning journalist with two decades of experience in magazines, newspapers and electronic media. He has covered the information security and privacy sector throughout his career. Before joining Information Security Media Group in 2014, where he now serves as the executive editor, DataBreachToday and for European news coverage, Schwartz was the information security beat reporter for InformationWeek and a frequent contributor to DarkReading, among other publications. He lives in Scotland.
