Slovenian police have arrested five people accused of infecting computers at small businesses with malware, accessing online banking accounts and stealing around EUR2 million.
The Slovenian national Computer Emergency Response Team says that it first began receiving reports that a gang was attacking firms in the middle of last year and built its case before raiding 12 houses and arresting five people this week.
The gang sent e-mails purporting to be from local banks warning of late payments to accountants at small and medium companies.
The messages contained attachments with malware, which, if clicked installed a RAT (Remote Administration Toolkit) on the computer, enabling the crooks to observe the activity on the infected system.
According to Wired, all 48 victims were customers of the same, unnamed, bank which uses a card authentication system directly connected to the client's computer. If users left their card in the reader, the crooks could access their account with a keylogged password.
The attacks usually happened on Fridays or the day before a national holiday, leaving the gang time to queue bank transfer orders unobserved.
A group of around 25 money mules - recruited with the work-at-home scam in the name of a non-existent British insurance company - were used to transfer the money.