Computer security firm Trusteer has uncovered a new criminal scheme targeting customers of several German banks. The complex Tatanga Trojan conducts a "Man in the Browser" attack that intercepts online transactions and bypasses authorisation to commit the fraud.
Cyber-criminals have been exploiting the text messaging system many banks in Germany use to authenticate transactions. When a person transfers funds, the bank first sends a transaction authorisation number (TAN) to the customer's mobile phone.
Then, after the victim logs into his or her bank's site, the malware displays a screen saying the bank is performing a security check and asks that the TAN be entered into a form on the page. Behind the scenes, the Trojan checks the victim's accounts for the one with the most money and then requests a TAN from the bank, so the money can be transferred to the hacker's account. To cover its tracks, the malware changes the account balance report in the online banking application.
It's a sophisticated operation, and Trusteer's director of product marketing, Oren Kedem, has warned that, "Many [banks] are using the exact same framework as German banks, so they should care". In particular, US systems incorporate elements of the German SMS system, which will send shockwaves over the Atlantic.
Commenting on the Trojan's cunning ability to check the balances in multiple bank accounts to choose the one with the most money, Kedem described the development as "another step up for malware honing the attack", which means "nobody is immune".
Source: Network World