According to information security experts, one such successful “operation” can bring to cyber criminals more than a million rubles (about 15,000 $).
More than 700 messages with the Trojan came to major Russian credit organizations. The senders allegedly were State institutions, one of them is Ministry of Labor. Emails with the virus masked under official documents like "Payment: August-September", "Copies of documents" and so on. Employees of organizations, seeing nothing dangerous in these letters, opened them, but instead of documents received a virus infection of the computer.
According to Group IB specialists, who published a report on the attacks, the damage from the actions of fraudsters can reach 15 000 $.
The mechanism of action is quite simple: the virus created a fake payment order from the Bank on the infected computer and sent it to a legal entity. And then the organization simply transfers the money, but not to the bank, but to scammers who remotely control the infected computer.
The hacker group RTM became active in September this year. In total, according to the company Group IB, during this time the attackers sent more than 11 thousand emails.
