Malware authors revert to phishing approach to trick bank defenses
Posted on 12.02.2013
Banking malware that performs Man-in-the-Browser (MitB) tricks, such as injecting additional forms into legitimate banking sites or hijacking the authenticated session to add a new payee and transfer money in the background, has had much success in the past.

But as financial institutions have reacted to this malware and implemented systems for monitoring the online sessions between customers and their web applications, the actions of malware such as Tinba, Tilon, Shylock and others employing the MitB approach are increasingly detected and thwarted. Consequently, the malware authors have had to resort to new tricks to avoid detection.

Trusteer has discovered that Tinba and Tilon have recently been modified to try out a simpler approach: phishing and blocking users from the actual banking page.

"When the customer accesses the bank’s website, the malware presents a completely fake web page that looks like the bank login page. Once the customer enters their login credentials into the fake page the malware presents an error message claiming that the online banking service is currently unavailable. In the meantime, the malware sends the stolen login credentials to the fraudster who then uses a completely different machine to log into the bank as the customer and executes fraudulent transactions," explains Trusteer CTO Amit Klein.

"If the login or transaction requires two-factor authentication (OTP tokens, card and reader, etc.) the malware captures this information as part of the fake login page. Using this tactic the malware never lets the customer reach the bank’s login page, which prevents backend security systems from being able to detect malware anomalies in the session and identify the fraud."

The good news is that fraud attempts associated with these new versions of Tinba and Tilon are still limited. The bad news is that banks that haven't covered both attack vectors - session hijacking and credentials theft - are putting their customers at risk.

Copyright 1998-2014 by Help Net Security.