Five individuals arrested in relation to Svpeng malware

Apr 14, 2015 19:59 GMT

Russia’s Ministry of Internal Affairs announced that law enforcement agencies managed to arrest a 25-year-old individual suspected of creating the Svpeng Trojan for Android devices.

The threat emerged in 2013 and was initially seen as run-of-the-mill malware for SMS banking fraud. However, its developer added new functions, turning it into a more significant problem with ransomware and phishing features.

To force the victim into paying the ransom, Svpeng would lock up the entire device and its grasp would persist even after restarting the phone.

Svpeng grew in complexity and expanded outside Russia

One of the tactics used by the malware was to display a phishing page to the user whenever Google’s marketplace app was accessed. The same technique was employed against banking apps, ultimately stealing the credentials used to access the online bank account.

In the beginning, Svpeng targeted only users in Russia, but subsequent versions were unleashed on the West, and one of the more recent versions, released in 2014, was encountered mostly in the US, where users accounted for 91% of the infections.

Other countries the malware spread to include the UK, Switzerland, Germany, and India. The tactic employed in these regions was ransomware, which also involved taking a picture of the victim and inserting it into the ransom message.

Investigation is not complete

The alleged author of Svpeng is from the Chelyabinsk region and worked with four accomplices, who are also in police custody; the authorities say that the financial damage caused by the group is estimated at more than 50 million rubles ($980,000 / €921,000).

At the moment, the investigation continues, its objective being to determine if the individuals currently arrested have been involved in other similar offenses.

The searches at the individuals’ residences revealed computer equipment that had been used in malware distribution activities, mobile phones, SIM cards, server hardware, and payment cards.

The group is charged with creating, using and spreading malicious computer programs.