700,000 rubles stolen from Yekaterinburg woman's card via malware

From the account of Yekaterinburg resident Ksenia, unknown persons withdrew 700,000 rubles (approximately $7,800 at current rates), which was the credit limit on her Uralsib Bank card. The money was transferred at night to the account of another bank client — Muscovite Alexei, who also became a victim of fraudsters by downloading a phishing app. As a result, the funds disappeared, both clients were left with nothing, and a criminal case was initiated over the incident.

The bank reported that the operations were confirmed with codes from SMS. However, Ksenia herself claims that she did not receive any messages and did not give the codes to anyone. The money credited to Alexei«s account was quickly withdrawn by third parties, after which all his accounts were blocked.

Dmitry Dudkov, the chief specialist at F6 company for combating financial fraud, believes that most likely, malicious software was installed on the victim woman«s phone. »It allowed the attackers to control all user actions and perform operations on her behalf. This includes viewing information about loan applications, reading and hiding SMS with confirmation of logging into the bank«s personal account and notifications about performed operations,» explained the expert.

According to the specialist, the threat often comes from Android devices. Traces of malicious programs are found on approximately 1.5% of such gadgets in Russia, and in almost half of compromised cases, the Mamont remote access trojan is detected.

The updated version of this virus, dated December 2025, provides attackers with broad capabilities:

• Reading all SMS, including archives, and sending messages from the victim«s phone;
• Searching the device for banking apps, marketplaces, messengers, and social networks;
• Obtaining data about SIM cards and sending USSD requests.

This allows criminals to assess the financial situation of the phone owner, the presence of loans, and understand which service passwords come via SMS.

Malicious programs often disguise themselves as useful applications, antiviruses, or folders with media files. They are spread through building chats or mass mailings to contacts. Dmitry Dudkov clarified: «Most often, the information obtained... is enough for criminals to carry out illegal financial operations... The total damage from using Mamont against clients of Russian banks in November 2025 alone may exceed 150 million rubles (approximately $1.67 million at current rates).»

Earlier, a similar case occurred with a resident of Krasnouralsk (Sverdlovsk Oblast), who also unexpectedly received 700,000 rubles from fraudsters to his account, but there the man himself provided the details to the attackers.