
'Evil Corps' Hackers Are Stealing Millions From Internet Users Worldwide

The creators of the Dridex malware reportedly call themselves the "Evil Corp." A spokesman for the UK's National Crime Agency (NCA) told VICE News the figure of 20 million was an "educated estimate."
October 14, 2015, 12:05pm
Photo by Kay Nietfeld/EPA

UK internet users were issued with a warning on Wednesday about a gang of Eastern European cyber criminals who have stolen up to $100 million from bank accounts worldwide using malicious software.

In a statement, the UK's National Crime Agency (NCA) said up to £20 million ($30.7M) had been swiped from British accounts through malware known as Dridex, which mainly targets small to medium-sized organizations. It appealed to British internet users to be careful and vigilant.

Dridex, also known as Bugat and Cridex, operates as a Trojan virus spread by infected documents sent in emails to victims. Once opened, the infected documents trigger the installation of a program on the targeted computer that can eavesdrop and take pictures of internet browsing, reported the Guardian. The Trojan program can also upload and run other programs, and allow the hackers to communicate with the infected computer. The majority of those that have been infected are Windows users.

An NCA spokesman told VICE News the figure of 20 million was an "educated estimate," and that it was impossible to be certain how much had been stolen because often people weren't aware they had been targeted, but that the investigation had been going on for several years.

Dridex was first spotted by security researchers in November 2014, according to the Guardian, who say its creators call themselves the "Evil Corp" and have been investigated by the US's FBI and Britain's National Crime Agency.

One man has been arrested, Andrey Ghinkul, a 30-year-old Moldovan living in Cyprus. The US indictment says he and his associates stole $3.5m from Penneco Oil in three separate attacks, and tried to steal almost $1m from a school district in Pennsylvania.


The government agency also said they were working in tandem with the Federal Bureau of Investigation (FBI) to "sinkhole" the malware, which would involve halting the communication between the infected computers and the hackers controlling them. It added that one arrest had so far resulted from that.

Mike Hulett, head of operations at the National Crime Agency's National Cyber Crime Unit (NCCU), called this a "particularly virulent form of malware."

"We have been working with our international law enforcement partners, as well as key partners from industry, to mitigate the damage it causes," he said. "Our investigation is ongoing and we expect further arrests to [be] made."

FBI executive assistant director Robert Anderson said: "Those who commit cyber crime are very often highly-skilled and can be operating from different countries and continents. They can and will deploy new malware and we, along with our partners, are alive to this threat and are constantly devising new approaches to tackle cyber crime."

He added: "We urge all internet users to take action and update your operating system. Ensure you have up to date security software and think twice before clicking on links or attachments in unsolicited emails."


Follow Sally Hayden on Twitter: @sallyhayd