Russia arrests three for allegedly creating Mamont malware, tied to over 300 cybercrimes


Russian authorities have arrested three individuals suspected of developing the Mamont malware, a recently identified banking trojan targeting Android devices.

The suspects, whose identities remain undisclosed, were apprehended in the Saratov region. A video released by the Russian Ministry of Internal Affairs (MVD) shows the arrested individuals in handcuffs, being escorted by police officers.

According to the MVD, the trio is linked to over 300 cybercrime incidents. Authorities also seized computers, storage devices, communication tools and bank cards. 

Mamont malware is delivered through Telegram channels and is typically disguised as legitimate mobile apps or video files. Once installed on a victim’s device, the malware allows criminals to transfer funds from the victim’s bank account via SMS banking services. The stolen funds are routed to phone numbers and electronic wallets controlled by the criminals.

The malware can also collect information about the infected device and exfiltrate messages related to financial or monetary transactions, sending them to a Telegram channel controlled by the attackers. It can also spread to contacts in the victim’s messenger app.

When Mamont files are disguised as a video, the question “Is this you in the video?” usually appears in the filename. 

In another scheme, Mamont scammers set up a fake online store with cheap products. After a victim places an order, they send a malicious file disguised as an order tracker through a private Telegram channel, asking the victim to install it.

In response to growing concerns over SMS-based fraud, the Russian parliament announced in February that it is working on a bill to restrict SMS sending during phone calls. 

According to lawmakers, the criminals often call their victims, posing as employees of law enforcement agencies, the Russian postal service, hospitals and other social institutions to obtain an SMS code. The new bill states that the recipient will only receive an SMS after they hang up the phone.


Daryna Antoniuk is a reporter for Recorded Future News based in Ukraine. She writes about cybersecurity startups, cyberattacks in Eastern Europe and the state of the cyberwar between Ukraine and Russia. She previously was a tech reporter for Forbes Ukraine. Her work has also been published at Sifted, The Kyiv Independent and The Kyiv Post.

 
