European cyber-cops have felt the collar of a bloke suspected of running a network of crims that used malware to pinch €1bn (£874.8m, $1.24bn) from cash machines and other banking systems.
The crew developed the software nasty Anunak, later updated to Carbanak, as well as cyber-weapons based on Cobalt Strike's penetration testing toolkit. The gang lobbed this malicious code at more than 100 financial institutions around the globe from 2013 until 2016, we're told.
The crooks are said to have kicked off their activities in 2013 with the Anunak malware, which was sent to bank employees in spear-phishing emails that infected their Windows PCs when opened. Once compromised, the zombie machines were used to access the bank's internal network and hijack ATMs.
These compromised cash machines then spat out notes at a predetermined time and location, presumably into the nondescript holdall of a gang member. Other activities of the gang included hijacking global electronic payment networks to shuffle money out of infected institutions and into the accounts of criminals.
Because it wouldn't be a financial crime story without them, cryptocurrencies played a part in the money-laundering process: prepaid cards linked to online alt-coin wallets were used to buy flash motors and nice houses, effectively shifting the criminals' cyber-loot, the plod claim.
The Anunak malware evolved into a nastier version known as Carbanak, which was used until 2016. From then on, the rogue programmers used the Cobalt Strike penetration testing software to create tailored nasties.
On Monday, Europol made much of the international cooperation that led to the arrest in Alicante, Spain, giving credit to the FBI, police forces from Romania, Belarus, and Taiwan, and private infosec outfits, as well as its own officers.
The Register has asked Europol to comment on how much of the €1bn has been recovered. ®