Fraudsters extract $680,000 from one bank over the course of a week
Financial Services // Italy
The campaign, dubbed Luuuk, surfaced after researchers detected a suspicious-looking command-and-control server.
“The server contained multiple log files that showed bots conversing with a Web panel,” Kaspersky Lab reports. “The data suggested financial fraud because it included victims’ details such as the amount of money stolen from clients’ bank accounts.”
The crooks ultimately siphoned off €500,000 (roughly $679,700 USD) from 190 victims, mostly in Italy and Turkey.
Apparently, the scam was perpetrated through a combination of “man-in-the-browser” attacks, which allowed the criminals to usurp victims’ credentials via a compromised webpage. After the money was stolen, automatic transactions funneled funds to “money mule accounts.”
The researchers named the operation after the panel used in the server (/server/adm/luuuk/).
There were four groups that transmitted funds through special bank accounts and cash-outs at ATMs.
One group was responsible for transferring sums of €40,000 to €50,000, another for €15,000 to €20,000, and a third for €2,500 to €3,000. The last group was responsible for transferring between €1,750 and €2,000.
“The Luuuk’s bosses may be trying to hedge against these losses by setting up different groups with different levels of trust: the more money a ‘drop’ is asked to handle, the more he is trusted,” said Vicente Diaz, a Kaspersky principal security researcher.




