UPDATE 2013-10-29: added link to article on TorRAT by Tanya Shafir posted on April 22nd 2013.
On October 24th, the Dutch Public Prosecution Service announced the following:
Hackers plunder back accountsOctober 24, 2013 – Public Prosecution Service
Hackers are suspected of looting bank accounts and making hundreds of fraudulent transfers by installing malicious software on the computers of Dutch bank account holders.
On Monday, the police arrested four men from Alkmaar, Haarlem, Woubrugge and Roden on suspicions of involvement in large-scale digital fraud and money laundering case.
Fake email messages were sent containing a link that activates the so-called banking malware, giving the hackers access to the computers of unwitting account holders. It invading `TorRAT’ manipulates the online banking by adding, modifying or deleting data. The malware adds new payments, or changes existing payment orders without the account holder being able to see it.
To protect their criminal activities the suspects made use of TorMail, a free service that allows users to anonymously send and receive messages.
The fraudulent transfers have ended up in bank accounts of moneymules. They were recruited to make their bank accounts available or to open new bank accounts and handing off their credentials. To channel the stolen money, domestic and foreign companies were created and business bank accounts were opened.
Moreover, the defendants exchanged money that was supposedly criminally obtained for bitcoins, a form of electronic currency. One of the men managed itself a bitcoin exchange service where (cash) money can be converted into bitcoins. The Public Prosecution Service seized 56 bitcoins, which have been exchanged for more than 7700 euros.
The police investigation focuses on the period from spring 2012 to the present, and on more than 150 fraudulent transactions. Several banks and companies have reported cybercrime. The extent of the damage is possibly around one million euros.
The suspects are taken into custody for twee weeks by the magistrate in Rotterdam.
- 2013-04-22: Twitter Malware: Spreading More Than Just Ideas (=about TorRAT malware)