A new Trojan called "W32.Silon" is the latest headache for online banks and their customers, packing a one-two punch that helps it evade security tokens and steal customer log-in information at the same time.
The two-headed Trojan, according to online security software vendor Trusteer, uses a "two-pronged payload" to steal log-in information and commit financial fraud at popular online banks.
"This new Trojan illustrates how advanced malware writers have become in their ability to dynamically execute multiple, bank-specific attacks with a single piece of software," Amit Klein, CTO and chief researcher at Trusteer, said in a statement. "The level of sophistication built into W32.Silon is concerning, as is its focus on circumventing strong authentication systems like card and PIN readers."
W32.Silon is a new malware variant that intercepts Internet Explorer Web browser sessions and has been associated with fraud incidents at several large banks, according to Trusteer researchers.
To steal user credentials, W32.Silon performs its initial attack when a user begins a Web log-in session and enters his username and password. The malware intercepts the log-in POST request, encrypts the requested data and sends it to a command-and-control (C&C) server.
When it targets users of online banking applications that are protected by transaction authentication devices such as tokens or banking card readers, W32.Silon waits until the user has logged in and then injects dynamic HTML code into the log-in flow between the user and the bank's Web server.
First, the malware presents authentic-looking Web pages that appear to be from the bank asking users to employ their transaction authentication device. Next, the user is asked to enter information from the device into the Web page.
This information is then used by the criminals to execute fraudulent transactions on behalf of the user
Devious Trojan Attacks Online Banks
8:05 PM
No comments
Subscribe to:
Post Comments (Atom)
0 comments:
Post a Comment