Russian authorities have arrested the malware group responsible for infecting nearly 800,000+ Android smartphones. Russian police arrested some members of the TipTop cybercrime group, which had been infecting Android smartphones with malware since 2015. The group started out by selling banking malware to underground and dark web groups, and later distributed it through Android apps and advertisements. The apps infected with the banking information stealer were distributed through the Google Play Store and search engine ads.
Group-IB is the Russian security research firm that helped the Russian authorities track the TipTop group and arrest its members. According to Group-IB's research, the TipTop group made anywhere from around $1,500 to $10,500 in daily profits while in operation. The main malware used by the TipTop group was HQWar, a banking information stealer. This malware can read SMS messages, phone calls, recordings and USSD requests, and show fake login screens to collect banking data. The group rented the HQWar malware and later distributed it through Android apps. For a brief period in 2016, the group stopped distributing the malware and tried its hand at different malware.
Kaspersky ranked HQWar as one of the most popular banking trojans among hackers. It was also one of the biggest reasons behind the rise of other trojans that steal banking information. The primary targets of the TipTop group were Russian Android smartphone users and Russian banks. Most of the hacking attempts were made on Russian users, even if they were living abroad. The researchers at Group-IB located the group's money mules in Krasnoyarsk, Russia, and informed the Russian authorities about the member of the group. After the first arrest earlier this year, the authorities released a statement claiming several other arrests related to the TipTop group members.