ETDA สำนักงานพัฒนาธุรกรรมทางอิเล็กทรอนิกส์
Electronic Transactions Development Agency

Threat Group Cards: A Threat Actor Encyclopedia

Other threat group: Cron

Names: Cron (Group-IB)
Country: Russia
Motivation: Financial crime
First seen: 2015
Description: (The Hacker News) Group-IB first learned of the Cron malware gang in March 2015, when the criminal gang was distributing the Cron Bot malware disguised as Viber and Google Play apps.

The Cron malware gang abused the popularity of SMS-banking services and distributed the malware onto victims' Android devices by setting up apps designed to mimic banks' official apps.

The gang even inserted the malware into fake mobile apps for popular pornography websites, such as PornHub.

After targeting customers of the Bank in Russia, where they were living, the Cron gang planned to expand its operation by targeting customers of banks in various countries, including the US, the UK, Germany, France, Turkey, Singapore, and Australia.

In June 2016, the gang rented a piece of malware called 'Tiny.z' for $2,000 per month, designed to attack customers of Russian banks as well as international banks in Britain, Germany, France, the United States and Turkey, among other countries.
Observed:
Sectors: Financial.
Countries: Australia, France, Germany, Russia, Singapore, Turkey, UK, USA.
Tools used: Catelites Bot, CronBot, TinyZBot.
Operations performed:
Dec 2017: New malware targets accounts at over 2,200 financial institutions
Counter operations:
May 2017: The Russian Interior Ministry announced on Monday the arrest of 20 individuals from a major cybercriminal gang that had stolen nearly $900,000 from bank accounts after infecting over one million Android smartphones with a mobile Trojan called 'CronBot.'

Last change to this card: 22 May 2020
