Zeus Trojan uses phone numbers to steal authentication codes

A Zeus Trojan variant that steals SMS codes for two-factor authentication is targeting Polish online banking customers.

Several European banks have introduced two-factor authentication that uses a one-time pass code, generated and sent to mobile phones by SMS text message.

These SMS codes are known as mobile transaction authentication numbers (mTANs).

The extra level of authentication was aimed at reducing fraud carried out by criminals using Zeus or SpyEye Trojans, but a variant of Zeus is bypassing this protection.

Attacks targeting online customers of ING Bank Slaski were first reported by security consultant Piotr Konieczny in a blog post, according to security firm F-Secure.

The attacks use the same type of Zeus man-in-the-mobile (Mitmo) attack that took place in Spain last year, said F-Secure.

Spanish security company S21sec was the first to report on the Zeus Mitmo.

The Zeus Mitmo steals mTANs. Computers infected with a Zeus Mitmo Trojan inject a "security notification" into the web banking process, which asks users to enter their mobile phone number.

If a phone number is provided, the user will receive an SMS link pointing to the mobile component, ZeusMitmo.A, which will steal mTANs sent by the bank.

The malware also prevents users from being notified of new messages, so cybercriminals can initiate transactions and confirm them with the stolen mTANs without raising suspicion.
