Deploy autonomous AI agents that reason, exploit, and validate complex vulnerability chains — not another scanner, an agentic system that thinks like a senior pentester.
Group-IB first learned of the Cron malware gang in March 2015, when the criminal gang was distributing the Cron Bot malware disguised as Viber and Google Play apps. The Cron malware gang abused the popularity of SMS-banking services and distributed the malware onto victims' Android devices by setting up apps designed to mimic banks' official apps. The gang even inserted the malware into fake mobile apps for popular pornography websites, such as PornHub. After targeting customers of the Bank in Russia, where they were living in, the Cron gang planned to expand its operation by targeting customers of banks in various countries, including the US, the UK, Germany, France, Turkey, Singapore, and Australia. In June 2016, the gang rented a piece of malware called 'Tiny.z' for $2,000 per month, designed to attack customers of Russian banks as well as international banks in Britain, Germany, France, the United States and Turkey, among other countries.
No exploited CVEs have been attributed to this threat actor yet.
Browse CVE Database