Tuesday, September 1, 2015

Over 30 financial institutions defrauded by phone apps used to intercept passwords

0 comments
(iStock)
(iStock)

SAN FRANCISCO - More than 30 financial institutions in six countries have been defrauded by sophisticated criminal software that convinces bank customers to install rogue smartphone programs, a major security company reported on Tuesday.

Though many of the elements of the malicious software, including the interception of one-time passwords sent to phones, have been used elsewhere, the latest criminal campaign is unusual in that it combines many different techniques and leaves few traces.

Researchers at Trend Micro Inc, which dubbed the campaign Emmental after the Swiss cheese, said they were working with European police and major banks on the continent that were early victims. Banks in Austria, Sweden, Switzerland and Japan have all been hit, with damages somewhere in the millions of dollars, said Trend Micro Chief Cyber security Officer Tom Kellermann.

Kellermann said that some of the attackers were in Romania but that the leader spoke Russian and could be based there.

The least sophisticated part of the gang’s work so far appears to be in the delivery of the software, according to a report by Trend Micro researchers. Emails that appear to be from major retailers come with attachments that, when opened, prompt the user to download a malicious attachment of an unusual type, called a control panel item.

If users do not click again, they are safe. If they do, the software goes to work and hides itself out of view of most anti-virus protection.

When an infected user later tries to visit the website of one of the targeted banks, the software redirects them to a fake site, which asks for login details and then prompts the user to download a smartphone app.

That app later intercepts the one-time passwords, giving the gang both that data as well as the login information, enough to clean out an account.

"This shows the continuing escalation, automation and blending of attacks," Kellermann said.

Reuters
0 comments
We encourage respectful comments but reserve the right to delete anything that doesn't contribute to an engaging dialogue.
Help us moderate this thread by flagging comments that violate our guidelines.

Comment policy:

Philly.com comments are intended to be civil, friendly conversations. Please treat other participants with respect and in a way that you would want to be treated. You are responsible for what you say. And please, stay on topic. If you see an objectionable post, please report it to us using the "Report Abuse" option.

Please note that comments are monitored by Philly.com staff. We reserve the right at all times to remove any information or materials that are unlawful, threatening, abusive, libelous, defamatory, obscene, vulgar, pornographic, profane, indecent or otherwise objectionable. Personal attacks, especially on other participants, are not permitted. We reserve the right to permanently block any user who violates these terms and conditions.

Additionally comments that are long, have multiple paragraph breaks, include code, or include hyperlinks may not be posted.

Read 0 comments
 
comments powered by Disqus
Also on Philly.com:
letter icon Newsletter