Police have exposed a criminal group using the internet banking malware "DreamBot" to illicitly withdraw money from people's accounts, the Metropolitan Police Department (MPD)'s cybercrime control division announced on Oct. 5.
Victims including a corporation in Ibaraki Prefecture are believed to have lost a combined total of about 240 million yen to the Trojan program, which displays a fake one-time password screen. Police are working to uncover all of the group's dealings. While much damage from the malware has been reported, this is the first time a group has been exposed over its use.
On Sept. 27, police arrested Isen Takemura, a 31-year-old unemployed resident of Kawaguchi, Saitama Prefecture, on suspicion of theft. He is accused of using a cash card in someone else's name to steal about 80,000 yen from an ATM in Tokyo's Shibuya Ward on May 8. He has denied the allegations against him, but police suspect that his role within the criminal group was to collect the illicitly withdrawn money.
Police suspect that a person in control of the group overseas indiscriminately sent out emails with malware attachments that infected computers when opened. Once the Trojan made its way into the computer, it would show a fake one-time password screen to internet banking users, and when the user entered the password, money would be sent from the user's account to an account prepared by the criminal group.
In addition to Takemura, two Chinese suspects who are believed to have played the role of withdrawing money have been arrested and charged. Police suspect that Takemura collected the money and used it to purchase a large number of prepaid cards that could be used to buy items in other countries, and sent them to a figure providing instructions from overseas.
According to the National Police Agency, during the first six months of the year, people lost a combined 564 million yen to illicit banking transactions. Police suspect that the group they exposed was responsible for about 40 percent of the damage.
DreamBot was first confirmed in Japan in December 2016. Internet security firm Trend Micro said that about 25,000 machines were infected with the malware during the first six months of this year.
One-time passwords were introduced by banking institutions from around 2015 as a measure to prevent internet banking fraud, with fixed passwords being replaced with passwords that changed about once a minute. This was said to enhance security. DreamBot is said to take advantage of users' sense of security by displaying a fake one-time password screen that looks just like the real one.
The website of the Japan Cybercrime Control Center (https://www.jc3.or.jp/) has a page that enables users to check with a single click whether their computers are infected. An MPD official advised, "The first precaution is to avoid opening suspicious files. If you suspect an infection, use the site to check."