Banking malware and the laundering of its profits

Author: Bart HM Custers, Ronald LD Pool, Remon Cornelisse
DOI: 10.1177/1477370818788007
Published date: 01 November 2019
Subject Matter: Articles
https://doi.org/10.1177/1477370818788007
European Journal of Criminology
2019, Vol. 16(6) 728–745
© The Author(s) 2018
Bart HM Custers
Leiden University, The Netherlands
Ronald LD Pool
ICTRecht, The Netherlands
Remon Cornelisse
Statistics Netherlands (CBS), The Netherlands
Abstract
Banking malware is malicious software that aims to steal money from victims via manipulated
bank transfers in online banking. This paper describes how the profits of banking malware are
generated and subsequently laundered, with a particular focus on the use of bitcoins and other
digital payment methods. Computers are infected with banking malware via phishing emails, in
which people are persuaded in various ways to click on links or open attachments, or via exploit
kits, programs that try to find weak spots in the security of computer systems. After infection,
bank transfers of the online banking accounts of victims are manipulated via fake website screens
(web injects). Behind the screens the amounts and beneficiaries of transactions are modified,
emptying the victims’ bank accounts. In the next step, the banking malware profits are laundered.
In this paper we describe two models that are used in particular (next to more traditional money
laundering methods). The first model involves the use of money mules and a quick cash-out. The
second model focuses on direct spending via (a) direct purchases of products via online shopping,
(b) direct purchases of bitcoins via Bitcoin exchanges or (c) direct purchases of luxury goods.
Bitcoins can be further laundered via so-called mixing services. All in all, these methods allow
criminals to launder profits in relative anonymity and prevent seizure of the illegal profits.
Keywords
Banking malware, bitcoins, cybercrime, money laundering, money mules
Corresponding author:
Bart HM Custers, Leiden Law School, Steenschuur 25, Leiden, 2311ES, The Netherlands.
Email: b.h.m.custers@law.leidenuniv.nl
Introduction
Despite a lot of research on money laundering of profits of traditional crime such as drug
trafficking (Savona, 2005; Schaap, 1998), relatively little is known about the money
laundering of cybercrime. Whereas in traditional crime the profits are often in cash,
cybercrime profits are often generated in the form of electronic money (that is, digital
euros, dollars, etc. on online bank accounts). Furthermore, in the area of cybercrime,
there exists valuable research on financial cybercrime, phishing and related areas, but
most of it focuses on the victims of cybercrime (Anderson, 2006; Choi, 2008; Harrell and
Langton, 2013; Leukfeldt, 2014, 2015; Jansen and Leukfeldt, 2016; Ngo and Paternoster,
2011; Van Wilsem, 2011; Vishwanath et al., 2011), whereas research on the cybercriminals
and their methods is limited. In this paper we try to add to existing knowledge and
literature by focusing on the laundering of cybercrime profits and the methods cybercriminals
use for this. We focus specifically on the profits of banking malware, a type of
financial cybercrime that uses malicious software (or ‘malware’ in short) that aims to
steal money from victims via manipulated bank transfers in online banking.
Banking malware has been one of the most prominent threats in the area of cybercrime
in recent years and cybercriminals generate large profits with banking malware
(Europol, 2015a: 7). In July 2015, it was reported that a group of cybercriminals generated
profits amounting to €100 million with banking malware between 2005 and 2014
(Sandee, 2015: 3). Although banks have taken several measures to address and mitigate
this threat, their clients are still being attacked by cybercriminals on a daily basis.
Similar to other crimes in which criminals aim to make profits, in the case of banking
malware and other types of financial cybercrime it is necessary to launder the generated
profits. When the profits are not laundered, their origins can easily be traced and this may
increase the likelihood that the cybercriminals will be caught. In the case of banking
malware, it is electronic money that has to be laundered in order to conceal its illegal
origins and prevent seizure of the profits.
In this paper we will provide an answer to the key question: ‘How are the profits of
banking malware generated and subsequently laundered?’ In answering this question, we
will particularly focus on the role of bitcoins and other digital payment methods. For
instance, Europol signals a shift from the use of more traditional payment methods towards
digital payment methods, such as bitcoin, that offer more anonymity (Europol, 2015a: 30).
This paper is structured as follows. In the next section we describe the methodology
used in our research. In the third section we describe what banking malware is and how
it works. In the fourth section we identify two different models that are used for the laundering
of banking malware profits, illustrated by a real police case in one of the police
files we encountered in our research. In the fifth section the methods for laundering bitcoins
are described. The final section provides conclusions.
Methodology
The key question of this paper was answered in a research project that was carried out
by the authors when working for WODC, the Research Centre of the Ministry of
Security and Justice in the Netherlands (Oerlemans et al., 2016). This research was
