Skip to main content

Cybercriminals steal over €500,000 from EU bank in just a week

Internet security firm Kaspersky Labs has discovered evidence of online criminals robbing more than 190 customers of a European bank.

The attack, which appeared to involve the theft of over €500,000 (£400,000) over the course of a week, was detected back in January of this year.

Read more: The cybercrime economy could be bigger than Apple, Google and Facebook combined

The firm believes that most of the victims were based in Italy or Turkey and have alerted the relevant authorities, although it appears that the criminals have deleted any evidence that could be used to identify them.

The security company has codenamed the attack, Luuk, and believes a Trojan virus was used to intercept financial data and make fraudulent transactions once the user had logged into their online bank account.

The company accepted that there was more information to be found, but had a good indication of the type of malware being used.

"On the command-and-control server we detected there was no information as to which specific malware program was used in this campaign," said Vicente Diaz, principal security researcher at Kaspersky Lab, in a statement.

"We believe the malware used in this campaign could be a Zeus flavour."

A Zeus Trojan, which was first discovered in 2007 and has the ability to steal data from the Windows operating system, is believed to have been used in previous major-scale bank thefts.

According to data obtained by Kaspersky, it is believed that the amount stolen from each account ranged from €1,700 to €39,000.

In an interview with the BBC, Alan Woodward, an independent security consultant said that the attack was a sophisticated and coordinated effort.

Read more: Four cyber-criminals arrested following £1m bank theft

"The way you have to get this money into the real world involves sending it to real accounts and getting 'money mules' to take it out, so would require significant organisation."

The firm declined to identify the bank involved, but is continuing to search for evidence of those involved in the attack.