Russian Authorities Arrest Developers of Mamont Android Banking Trojan

TL;DR

  • Russian authorities have arrested three suspects in Saratov for developing and distributing the Mamont Android banking trojan.
  • The malware, disguised as legitimate apps, steals banking credentials and funds via SMS banking services.
  • The operation involved seizing digital equipment and launching criminal investigations under Russian cybercrime laws.

Main Content

Russian authorities have arrested three individuals in Saratov for their role in developing and distributing Mamont, a newly identified Android banking trojan. The arrests were part of a coordinated effort to dismantle the cybercriminal operation, which targeted unsuspecting users through sophisticated malware tactics.

Arrests and Investigation Details

According to an announcement by the Russian Ministry of Internal Affairs (MVD), the three suspects are accused of fraud and unauthorized access to computer information. The investigation was aided by officers from the fraud prevention department of PJSC Sberbank.

“Three Saratov residents are suspected of fraud and unauthorized access to computer information. Officers from the fraud prevention department of PJSC Sberbank assisted in the investigation.” 1

Preliminary findings indicate that the suspects developed a malware called “Mamont,” which they distributed via Telegram channels. The malware was disguised as safe mobile applications and video files, tricking users into downloading it. Once a device was infected, the perpetrators could use SMS banking services to transfer money from victims’ bank cards to mobile operator accounts and electronic wallets under their control.

The authorities have linked the three suspects to over 300 cybercrimes. During the operation, police seized servers, computers, storage devices, and bank cards used in the scheme.

Malware Distribution and Functionality

Mamont is primarily spread through Telegram channels, where it is disguised as legitimate mobile apps or video files. The malware enables the transfer of funds via SMS banking, routing stolen money to phone numbers and electronic wallets controlled by the criminals. Additionally, Mamont can steal banking credentials, push notifications, and other financial information. It can also spread to contacts in the victim’s messenger app.

Scam Tactics and Victim Luring

Scammers often lure victims with fake online stores, directing them to a Telegram chat where they are instructed to download a fake tracking app, which is actually the Mamont malware. This app steals banking data from the victims.

“The attackers claim to sell various products at fairly attractive prices via a number of websites. To make a purchase, the victim is asked to join a private Telegram messenger chat, where instructions for placing an order are posted.” 2

Russian authorities in Saratov have launched criminal cases under Articles 159.6 and 272 of the Criminal Code. Resources linked to the scheme have been blocked, and the suspects face travel restrictions and legal conduct orders. Law enforcement continues to investigate all related crimes and accomplices.

For more details, visit the full article: source

Conclusion

The arrest of the Mamont malware developers highlights the ongoing efforts by law enforcement to combat cybercrime. As digital threats continue to evolve, it is crucial for users to remain vigilant and for authorities to stay proactive in their response to such incidents.

This post is licensed under CC BY 4.0 by the author.