Security services in Russia and Ukraine have caught what is believed to be an entire gang of malware writers involved with the Carberp banking trojan.
A group of 20 people were arrested by the Sluzhba Bezpeky Ukrayiny (security service of Ukraine or SBU) and the Federalnaya sluzhba bezopasnosti Rossiyskoy Federatsii (federal security service of Russia, FSB) in cities around Ukraine, according to a report in Kommersant Ukraina.
Working remotely in different Ukrainian cities, the coders were responsible for different modules of the trojan, which were later transmitted to a server in the southern town of Odessa.
There, the leader of the gang would assemble the modules into the final malware product, according to Kommersant.
The leader of the gang, a 28-year-old Russian, was taken into custody and may be extradited to the Russian Federation to face charges there. Others in the gang have been given bail or are under house arrest, depending on the severity of their criminal activities.
If convicted in Ukraine, the developers face up to five years in prison. This is the second time malware authors using Carberp to steal money have been caught. In March last year, eight Russian men were arrested in Moscow on charges of having stolen some US$2 million.
Last June, a 22-year-old Russian man was arrested for running a modified Carberp-controlled botnet that had hauled in US$4.5 million from victims.
Carberp has been active and for sale since 2009. It is estimated to be responsible for stealing more than US$250 million from bank accounts of internet users.
It is spread via downloaded photos and videos. The malware is able to stop and remove anti-virus products on users' computers.
Thanks to a module that runs on mobile phones, Carberp can be used to bypass two-factor authentication by capturing transaction authentication numbers sent by banks for verification.
Last December, the malware writers made Carberp available for a monthly rental of between US$2,000 and US$10,000, or for sale in its entirety for US$40,000.