Crime

700K Rubles Stolen from Credit Card in Yekaterinburg: Expert Analysis

A Yekaterinburg woman lost 700,000 rubles from her credit card in a fraud scheme, and a cybersecurity expert reveals how the theft occurred.
Feb 22, 2026
0
The cause of all the problems could have been malicious software on the client«s phone.
Source:
Natalya Laptsevich / 74.RU

700,000 rubles (approximately $7,800 at current rates) disappeared from the credit card of a Yekaterinburg resident. One night, someone transferred this money to a stranger from Moscow, and then withdrew it to another account. As a result, both bank customers were left without money and in debt. An expert explained how this could have happened.

We covered the details of this situation in a separate article. In August 2025, Ksenia applied for a credit card from Uralsib Bank with a limit of 700,000 rubles, but did not get to use it—about a month later, the money disappeared.

Several transfers were made from her card via the Fast Payment System (SBP). As the bank reported, the operations were confirmed by SMS codes, which supposedly were sent to the client. She, in turn, claims that she did not receive any codes and, accordingly, did not provide them to anyone.

Later it turned out that the money was credited to the account of Alexei from Moscow, who had taken out an installment plan from the same bank for purchasing equipment. It turned out that he downloaded a fake bank application from a phishing site. The money from Ksenia«s card, which ended up in Alexei»s account without his consent, had already been withdrawn by third parties. As a result, the Muscovite«s accounts were all blocked. A criminal case has been initiated.

Dmitry Dudkov, the lead specialist at company F6 for combating financial fraud, explained what could have caused this situation. It«s not just about issues with the banking application on Alexei»s phone.

“Most likely, malicious software was installed on Ksenia«s device, which allowed the attackers to control all user actions and perform operations on her behalf. Including viewing information about the loan application, reading and hiding SMS with confirmation of logging into the bank»s personal account and notifications about performed operations,” suggested Dmitry Dudkov.

The expert added that dangerous applications are especially widespread on the Android operating system. On approximately 1.5% of Android devices in Russia, there are traces of malicious software. In almost half of the compromised gadgets, traces of the remote access trojan Mamont are present.

The December 2025 version of Mamont allows fraudsters to:

  • read all the user«s SMS, including the archive of messages received even before installing the malicious application, and send SMS from their phone;

  • find on the device applications of banks, financial organizations, marketplaces, messengers, and social networks;

  • obtain data about SIM cards and send USSD requests.

This allows cybercriminals to estimate the approximate balance of the victim«s bank accounts, the presence of loans, and find out which service passwords are received via SMS.

The danger for users is that malicious programs are distributed under the guise of useful applications, antiviruses, folders with photos and videos, lists of participants in the Special Military Operation (SVO), and under other masks. Among the typical names of such malicious files are “Photo_Of_A_Terrible_Accident”, “PHOTO”, “[Name of a popular search engine]Photo”, “MyVideo”. Usually, attackers send infected files to building chats or make mass mailings to all the victim«s contacts.

“Most often, the obtained information (personal data, phone number, interception of SMS on the device) is enough for criminals to carry out illegal financial operations—logging into personal accounts of banks, credit and microfinance organizations, obtaining loans and borrowings, illegal money transfers. The total damage from using Mamont against clients of Russian banks only in November 2025 may exceed 150 million rubles (approximately $1.7 million at current rates),” clarified Dmitry Dudkov.

Earlier we told a similar story that happened with a resident of Krasnouralsk in the Sverdlovsk region. He received 700,000 rubles from fraud victims on his card. The difference between this story and the case of Ksenia and Alexei is that in that case, the man himself provided the criminals with his account details. Now he will have to return the stolen money to the deceived woman.

Read our analysis on who droppers are (individuals who transfer illicit funds). All materials on how fraudsters deceive Ural residents, we collect in a special section.

Read more
Rostov weekly: school assault, bus crash, market shutRostov weekly: school assault, bus crash, market shut
Rostov weekly: school assault, bus crash, market shut
Mar 6, 2026
0
Ex-deputy construction supervisor denied 32M ruble fine installmentsEx-deputy construction supervisor denied 32M ruble fine installments
Ex-deputy construction supervisor denied 32M ruble fine installments
Mar 6, 2026
0
Kuzbass HR Experts List Professions in Severe ShortageKuzbass HR Experts List Professions in Severe Shortage
Kuzbass HR Experts List Professions in Severe Shortage
Mar 6, 2026
0
19th-century mill in Ufa remains unsold after second auction19th-century mill in Ufa remains unsold after second auction
19th-century mill in Ufa remains unsold after second auction
Mar 6, 2026
0
Kazan limeberry trend: what it is and priceKazan limeberry trend: what it is and price
Kazan limeberry trend: what it is and price
Mar 6, 2026
0
EXEED Launches Software Update for EXLANTIX ET CrossoverEXEED Launches Software Update for EXLANTIX ET Crossover
EXEED Launches Software Update for EXLANTIX ET Crossover
Mar 6, 2026
0

Rubrics

AutoBusinessSpringCityTransportFoodAnimalsHealthWinterCrimeCultureSummerMy homeScienceRealtyEducationSocietyRelationshipsAutumnPoliticsIncidentsWorkEntertainmentReligionFamilySportStyleCountryEcologyEconomy