Banks are being targeted by a Trojan horse virus that
forwards customers’ temporary login details to
fraudsters.
Banks in the UK, Spain and Germany are among those being
targeted by the Trojan, which loads itself onto customers’ machines
when they are persuaded to visit malicious websites via e-mail.
Once loaded onto users’ machines, the Trojan, known as
MetaFisher, Spy-Agent or PWS, waits until an infected user visits a
legitimate banking website.
The Trojan is then able to capture one-time-use PINs and
transaction numbers that are entered into form fields by the user.
It does this by injecting malicious HTML code into the fields.
As a result of this hijacking of data, the security details
cannot be used by the customer on the website. The login and
transaction information is instead forwarded to remote
fraudsters.
Security researchers believe the information is either being
used by those collecting it, or being sold to others.
Symantec reports that the fraudsters are using an already
patched Windows Meta File flaw in Microsoft’s Internet Explorer to
run the scam. Users who have their machines fully patched should
therefore be protected.
The Trojan also installs keylogging software on infected users’
machines, in an attempt to steal other inputted data.