
Warning out vs sneakier 'evolved' banking fraud malware

June 22, 2012 8:09am
In what appears to be the latest twist in an endless cat-and-mouse game, cybercriminals have evolved their malware to thwart banks' stricter controls against phishing.

The latest trick involves a new tool that can automate online banking fraud via automatic transfer systems (ATSs), security vendor Trend Micro said.

"With ATS..., attackers have taken things to the next level. Instead of merely passively stealing information, ATSs allow cybercriminals to instantly carry out financial transactions that could deplete users’ bank accounts without their knowledge," Trend Micro said in a blog post.

Such malware may no longer need user intervention to key in user names and passwords, thus allowing cybercriminals to automatically transfer funds from victims’ accounts to their own without leaving traces of their presence, it added.

In contrast, earlier malware families like ZeuS and SpyEye used Webinject files to modify the websites of targeted organizations such as banks.

A Webinject file is a text file containing the JavaScript and HTML code the attacker wants to insert into the targeted websites.

Trend Micro said the ATS runs a script on the victim's computer in the background, initiating a withdrawal transaction to send the funds to a mule account, which then transfers the funds to the cybercriminal.

It said ATS scripts modify account balances and hide illegitimate transactions from the victims.

Worse, the infections inject fake data into online banking sessions so users suspect nothing is wrong.

"As long as a system remains infected with an ATS, its user will not be able to see the illegitimate transactions made from his or her accounts," Trend Micro said.

Defense against such attacks will start with blocking the initial infection that may come from a phishing email or drive-by downloads from malicious sites, or even compromised legitimate sites.

"If infected, it is difficult for the user to identify that they've been compromised and since ATSs perform the fraudulent transactions in the background, users should frequently monitor their banking transactions using other methods than viewing online (such as) phone, email or mail-based statements," it said. — LBG, GMA News

