
UK banks hit by password bypassing malware, says Trusteer

Warwick Ashford

Cyber criminals are stepping up their use of social engineering techniques to bypass increasingly security-aware users of online banking and e-commerce sites, according to security firm Trusteer.

Using HTML injection, new malware variants present the victim with new input fields, security warnings and customised text during login, account navigation and transactions.

Some malware variants go as far as creating custom, localised pages that are generated based on the victim’s language preference to make fake, malicious websites appear legitimate.

Trusteer’s security team recently analysed a Ramnit variant that is targeting a UK bank with a clever one-time password (OTP) scam.

The malware stays idle until the user logs into their account, but then it presents them with a message about configuring their OTP service or about a new security process.

While the victim is reading the messages, Ramnit connects to its command and control server, obtains the details of a designated money laundering bank account and sets up a wire transfer.

This triggers an OTP to be sent to the victim, who is then asked by the malware to enter the OTP they have just received.

The victim thinks the OTP is required to complete the fake security update process, but is in fact supplying the cyber criminal with the critical element needed to complete the wire transfer.

“This is yet another example of how well-designed social engineering techniques help streamline the fraud process,” said Etay Maor, fraud prevention solutions manager at Trusteer.

Cyber criminals are even modifying frequently asked questions on bank sites to make their methods seem even more plausible, he said.

For example, Trusteer found at one bank that the word “transaction” had been replaced with “operation” in the OTP entry to make it more plausible that OTPs would be used in a variety of ways.

