Banks are being targeted by a Trojan horse virus that forwards customers’ temporary login details to fraudsters.
Banks in the UK, Spain and Germany are among those being targeted by the Trojan, which loads itself onto customers’ machines when they are persuaded to visit malicious websites via e-mail.
Once loaded onto users’ machines, the Trojan, known as MetaFisher, Spy-Agent or PWS, waits until an infected user visits a legitimate banking website.
The Trojan is then able to capture one-time-use PINs and transaction numbers that are entered into form fields by the user. It does this by injecting malicious HTML code into the fields.
As a result of this hijacking of data, the security details cannot be used by the customer on the website. The login and transaction information is instead forwarded to remote fraudsters.
Security researchers believe the information is either being used by those collecting it, or being sold to others.
Symantec reports that the fraudsters are using an already patched Windows Meta File flaw in Microsoft’s Internet Explorer to run the scam. Users who have their machines fully patched should therefore be protected.
The Trojan also installs keylogging software on infected users’ machines, in an attempt to steal other inputted data.