Four men from The Netherlands are now facing charges after their arrest last week on suspicion of being part of a cybercriminal ring that used TorRAT to gain unauthorized access to bank accounts.
The four men, whose names were not immediately available but who are from Alkmaar, Haarlem, Woubrugge and Roden, made hundreds of fraudulent bank transfers, said the Dutch Public Prosecution Service.
The suspects used TorMail and relied on money mules to protect their operations, officials said.
They distributed the malware via fake email messages. Once the victim installed the RAT, it started collecting financial information, which was then used to steal from bank accounts, officials said.
Some of the money was converted into Bitcoins. Police said one of the suspects had a Bitcoin exchange, namely FBTC Exchange. The service went down after the arrests.
Police seized Bitcoins worth $10,600. The suspects not only used the digital currency to launder the proceeds of their crimes, but also to pay the members of the conspiracy.
The investigation launched by authorities in The Netherlands focuses on the 150 fraudulent transactions made by the suspects between the spring of 2012 and now.
The total monetary assessment of the entire escapade was around $1.38 million, police officials said.
Researchers from IT security firm Trend Micro monitored the activities around this endeavor. The suspects used Tor hidden websites for command and control (C&C) servers, the researchers said.
That the suspects were native Dutch speakers was clear right from the start of Trend Micro’s investigation. The fraudsters used an Armenian crypting service called SamArt to protect their malware against security solutions.
“Buying a service from a crypting service, using tormail.org, and recruiting and abusing money mules puts cybercriminals at risk of getting caught. A single error can lead to the unraveling of the whole cybercrime operation. Tor offers a high degree of anonymity, but Tor tools are not immune to data leaks,” said Trend Micro’s Feike Hacquebord.