Russian Police Take Action Against Malware Group TipTop

TipTop: Russian police have arrested several members of the TipTop malware gang. TipTop, which was making between $1,500 and $10,500 a day, has been active since 2015. The group primarily used the banking trojan HQWAR, affecting over 800,000 Android devices. HQWAR is capable of reading SMS messages, recording phone calls, and initiating USSD requests, but its main function is to show fake login screens on top of legitimate banking apps, which trick users into giving away their credentials. TipTop had previously stopped using HQWAR to begin experimenting with other banking trojans to infect users and steal credentials. The group's primary targets were Russian citizens using Russian banks. The group was caught once authorities were able to track down one of the money mules that the group used. Once he was arrested and sentenced, authorities were able to make other arrests in the case with the information they gathered throughout the investigation.

Analyst Notes

Several members of the group have been arrested, but Russian authorities did not mention whether they arrested any "key players" in the group. Because of this, it is possible that, although several arrests were made, the group will remain active and find new people to replace the members who were arrested.