Hackers Stole $1 Billion from Banks Through Google Services

Bank heists have gone digital. It recently came to light that a hacking group, known as the Carbanak gang, was behind a series of bank jobs in 2015. The group managed to steal one billion dollars from more than 100 banks in 30 countries. They accomplished this feat by infecting various Google services with malware. That’s why it’s important to regularly scan your device for the latest malicious threats. Click here to check for viruses on your device now:

The Group Behind the Attack

The Carbanak gang is believed to be a part of a Russian crime ring, and has been active since 2013. However, other sources speculate that the members are not solely Russian, but also Chinese, European, and Ukrainian, and that members are active in more than 30 countries. Their name comes from the type of malware that they use. Considering their goals, wide-scale attacks, targeted groups, and success, this group is likely to grow and expand on its malicious activities. This group is also believed to be behind the massive Oracle data breach.

Read More: Do State Agencies Neglect Tech Security?

The Specific Malware Used

The hacking group uses an updated version of VBScript malware, which allows them to use various Google services. The specific Google services that were affected include Google Sheets, Google Forms, and Google Apps Script. The group was able to infect office documents with malware through mirror domains. By using Google services, the hackers were able to more effectively track and control victims of their malware, in addition to sending commands.

Still, the malware campaign also utilized phishing via email. They created authentic-looking emails and sent them to bank employees, and encouraged the employees to open an attached document. The document would then be infected with malware, which would allow them to control and monitor the bank’s network and behavior.

The group also gained access to various banks by hijacking their video security systems in order to learn more about how the banks and their employees operate day-to-day. The hackers were then able to issue payments to themselves through online bank transfers and ATMs, and by inflating bankers’ account balances (in order to withdraw money from the bank through their account, without actually robbing the banker.)

More Recent Attacks

It was reported in December of 2016 that the hacking group has begun to target the hospitality industry now, with an updated form of their customized malware. They’ve added additional spyware features in order to minimize the possibility of their detection. In 2017, their attacks are likely to grow further, which is why it’s more important than ever to stay up-to-date on the latest malware, and to regularly scan your device for viruses.