A mega operation was carried out this Wednesday within the framework of investigations of malware and acquisition of illegal cryptoassets, with 64 raids simultaneous in the province of Buenos Aires and throughout the country, in which a gang that robbed around $1,500,000,000something like 1.5 million dollarsafter infecting the computers of, for example, the Buenos Aires Police Circle and the San Jorge de Quilmes Schoolamong others.
Sources in the case said that, within the framework of the case, they 16 arrests; as well as 10 other arrest warrants abroadof which nine already have Interpol red alert: These are seven Venezuelan citizens and three Brazilians.
“One of the Venezuelans, named Francisco Javier Uribe Urdaneta He operated from the United States, and extradition to our country will be requested,” the sources in the case highlighted.
And they said they were robbed 45 million pesos to the Buenos Aires Police Circle$129 million pesos to Laboratorio Farmas de Quilmes, $159 to a company from Bahía Blanca and $112 million pesos to the San Jorge de Quilmes School. With that money, the gang later bought cryptocurrencies: “They all operated the IPs in Venezuela, Colombia, Ecuador and the US.”
The case began in the Buenos Aires Attorney General’s Office, with the prosecutor Rafael García Bordacoordinator of the team of cryptoasset investigators in charge, and continued with the cooperation of the Ministry of National Security: there were more than 500 members of the Argentine Federal Police and The Technological Crimes Division participated, dependent on the Superintendence of Investigations in charge of the chief commissioner. Martin De Cristobal.
“It all started when, through malware attacks, they infected the computers of the victims, causing fraudulent banking operationsmoney that was later transformed into cryptocurrencies and turned abroad,” they explained the modus operandi and highlighted the collaboration Binance and Lemon: “Pmade available both the information contained in their databases and specialists in their fraud areas to assist in the analysis of the information.
In Argentina, the ordered raids took place in the provinces of Buenos Aires, Misiones, Entre Ríos, Chaco, Santa Fe, Tucumán, Río Negro and the Autonomous City of Buenos Aires.
In the procedures, crypto assets were seized: approximately, worth USD 170,000. Cash was also seized: $1,000,000 and USD 300.
Criminals, in general, send a malicious link to the victim, generally, who has the management of a “company account”. Most of the time, the email is disguised with usual information: it can be a budget or a resume.
“When the victim enters, he falls into a silent trap without realizing it, since this type of malware is slowly downloaded in parts to the computer, a circumstance that prevents most firewalls from detecting it,” the sources described.
Once the PC is infected, the second part of the criminal maneuver arrives. As soon as the victim enters homebanking, a screen appears asking for the password validation. This is how the user loses control of their computer. When he recovered it, the account was emptied through one or more transfers to third parties. “That money is then used to buy cryptocurrencies”they warned.
The sources also commented that most of the malware is similar to a Brazilian Trojan called “Grandoreiro”which turns out to be a RAT (Remote Access Trojan), designed with the main objective of take control of the victim computer and make money transfers to accounts managed by cybercriminals.
Fairly, RAT operator cybercriminal monitors user activity and takes advantage of the moment in which you browse your homebanking to show you an image that simulates updating the equipment. “Behind this image, the operator takes control of homebanking and carries out the process of transferring money to mule accounts,” they detailed.
The investigation was led by the prosecutors of the province of Buenos Aires Martín Laius, Pamela Ricci and secretary Franco Gasparini, from the Junín Judicial Department; Andrea Andoniades, Verónica Pérez and the secretary Gimena Rozas (San Martín); Jorge Leveratto and secretary Julio Pérez Carreto (San Nicolás); Rodolfo De Lucía and secretary Natalia Lavirgen Wolf (Bahía Blanca); Martín Almirón and secretary Myriam Caciani Milgram (La Plata); Alejandro Musso and the secretaries Denise Banchero and Alejandro Orlandini (San Isidro); Lucas Moyano and the accountant Roberto Terriele (Azul); and Mariana Curra Zamaniego and secretary Leandro Montejo (Quilmes).
