News

Zeus Trojan uses phone numbers to steal authentication codes

A Zeus Trojan variant that steals SMS codes for two-factor authentication is targeting Polish online banking customers.

Several European banks have introduced two-factor authentication that uses a one-time pass code generated sent to mobile phones by text using SMS technology.

These SMS codes are known as mobile transaction authentication numbers (mTANs).

The extra level of authentication was aimed at reducing fraud carried out by criminals using Zeus or SpyEye Trojans, but a variant of Zeus is bypassing this protection.

Attacks targeting online customers of ING Bank Slaski were first reported by security consultant Piotr Konieczny in a blog post, according to security firm, F-Secure.

The attacks use the same type of Zeus man-in-the-mobile (Mitmo) attack that took place in Spain last year, said F-Secure.

Spanish security company, S21sec was the first to report on the Zeus Mitmo.

The Zeus Mitmo steals mTANs and computers infected with a ZeuS Mitmo trojan will inject a "security notification" into the web banking process. This asks users to enter their mobile phone number.

If a phone number is provided, the user will receive an SMS link pointing to the mobile component, ZeusMitmo.A, which will steal mTANs sent by the bank.

The malware also prevents users from being notified of new messages, so cybercriminals can initiate transactions and confirm them with the stolen mTANs without raising suspicion.


Email Alerts

Register now to receive ComputerWeekly.com IT-related news, guides and more, delivered to your inbox.
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
 

COMMENTS powered by Disqus  //  Commenting policy