The Russian agencies, with help from investigative security firm Group-IB, took 14 months to track down the eight men, according to a press release from the ministry translated by Kaspersky Lab.
The Carberp trojan, which was first discovered in Eastern Europe, is financial malware similar to Zeus and SpyEye, but with more advanced features.
The Russian authorities searched the apartments of two Moscow residents who are believed to be responsible for managing the Carberp scam. They confiscated computer equipment that was used to spread the malware, as well as "a large number of bank cards,...funds amounting to more than seven and a half million rubles" ($256,000), and fake documentation, according to Kaspersky Lab.
The two Moscow residents are brothers in their thirties. The younger sibling, who played a key role in the thefts, will remain in custody while the elder sibling is being held on three million rubles' bail. The other six members will remain under house arrest, according to the translated ministry release. If convicted, the group's eight members could face up to 10 years in prison.
According to Group-IB, the ring stole 130 million rubles ($4.4 million) from clients of over 100 banking institutions in just the last quarter. The group was also involved in distributed denial of service attacks.
“Our experts did an enormous amount of work, which resulted in identifying the head of this criminal group, the owner and operator of a specialized banking botnet, identifying the control servers, and identifying the directing of traffic from popular websites in order to spread malware infection”, said Ilya Sachkov, Group-IB’s chief executive officer. “The investigations conducted by our forensics lab confirmed the use of the Win32/Carberp and Win32/Rdpdor malware by the criminals in order to carry out theft of funds.”