SAN FRANCISCO - More than 30 financial institutions in six countries have been defrauded by sophisticated criminal software that convinces bank customers to install rogue smartphone programs, a major security company reported on Tuesday.
Though many of the elements of the malicious software, including the interception of one-time passwords sent to phones, have been used elsewhere, the latest criminal campaign is unusual in that it combines many different techniques and leaves few traces.
Researchers at Trend Micro Inc, which dubbed the campaign Emmental after the Swiss cheese, said they were working with European police and major banks on the continent that were early victims. Banks in Austria, Sweden, Switzerland and Japan have all been hit, with damages somewhere in the millions of dollars, said Trend Micro Chief Cyber security Officer Tom Kellermann.
Kellermann said that some of the attackers were in Romania but that the leader spoke Russian and could be based there.