Results 1 to 1 of 1
-
27th Jul 2014, 05:42 PM #1
Swiss Banks Targeted by Clever Malware
A group of cybercriminals, who are believed to be of Russian origin, have deployed a malicious campaign that seeks access to bank accounts mainly in Switzerland, Sweden, Austria and several other European countries.
The technique used by the attackers is designed to steal the login data for the bank account and to bypass the two-factor authentication by hijacking the short text messages received by the owner of the account.
After receiving a fake email from a popular company, the victims are lured into opening an RTF file attached to the message. After executing a chain of files, the computer is infected with malware capable of changing the machine’s Domain Name System (DNS) server settings so that they point to a system controlled by the attackers.
From this point onward, the cybercriminals can control how the domains are resolved, which means that they can point the user to an online location that appears to be a bank’s website, but instead it is a phishing page, from their server.
Trend Micro dubbed this campaign Operation Emmental and analyzed the modus operandi. It says that the malware also installs a new root SSL certificate so that the communication with the phishing site appears secure, just like in the case of legitimate online banking.
The interesting part is that the malware runs a self-delete routine after all this, leaving no trace of “infection,” which simply consists in a modification of the system’s settings.
Upon investigating multiple rogue DNS servers, researchers at Trend Micro learned that there were 16 bank domains targeted in Switzerland, six in Austria, seven in Sweden, and five in Japan.
Plenty of the banks have two-factor authentification (a code sent to a token device, which can be a mobile phone) implemented as a security measure for their customers. As such, the cyber crooks could not access the accounts based on the user name and passwords collected through phishing.
“The regular procedure is to wait for an SMS from the bank but instead of that, the phishing page instructs the users to install a special mobile app in order to receive a number presumably via SMS that they should then type into a website form,” says the report from Trend Micro.
The fake mobile app actually intercepts the two-factor authentication code from the bank and sends it to the crooks, offering them full access to the bank account. It appears that if the mobile device does not have network connectivity, the rogue app can send the code via SMS.
Additional functionality of the malicious app consists in exfiltrating details such as phone number, phone model, Global System for Mobile Communications (GSM) operator and country/region information.Kepler Reviewed by Kepler on . Swiss Banks Targeted by Clever Malware http://i1-news.softpedia-static.com/images/news-700/Swiss-Banks-Targeted-By-Clever-Malware.jpg A group of cybercriminals, who are believed to be of Russian origin, have deployed a malicious campaign that seeks access to bank accounts mainly in Switzerland, Sweden, Austria and several other European countries. The technique used by the attackers is designed to steal the login data for the bank account and to bypass the two-factor authentication by hijacking the short text messages Rating: 5
Sponsored Links
Thread Information
Users Browsing this Thread
There are currently 1 users browsing this thread. (0 members and 1 guests)
Similar Threads
-
Hotfile's digital locker service targeted by Hollywood
By avRo in forum News & Current EventsReplies: 3Last Post: 15th Mar 2012, 04:32 PM -
EVE Online Targeted By LulzSec
By Daniel in forum News & Current EventsReplies: 0Last Post: 14th Jun 2011, 08:35 PM -
US Military BitTorrent Users Targeted By MPAA/RIAA
By DeathKnell in forum News & Current EventsReplies: 0Last Post: 19th Jan 2010, 09:48 AM -
Oldest BitTorrent Site Targeted by Police, Owner Arrested
By DJ Norix in forum News & Current EventsReplies: 3Last Post: 5th Aug 2009, 05:56 AM -
[28/5/08]#2 What.CD, SumoTracker, BTMon, and FullDls Targeted by CRIA
By Lease in forum News & Current EventsReplies: 0Last Post: 28th May 2008, 04:25 AM
themaCreator - create posts from...
Version 3.24 released. Open older version (or...