If cybercriminals advertised their malware, they would surely call Eurograbber 'next-generation' Zeus crimeware. This is (a lot) more than your run-of-the-mill banking Trojan. These guys have penetrated SMS-based two-factor authentication and are exploiting it at full speed, Check Point Software Ltd intrusion prevention product manager Darrell Burkey announced. What's most concerning, according to Burkey, is how smartly the criminals engineered this malware. "The attack specifically targeted a certain type of authentication," he stated. The new version has already stolen more than 36 million euros ($47 million U.S.) from roughly 30,000 accounts at European banks, belonging to both consumer and corporate users, performing automatic transfers that ranged from €500 to €250,000 to intermediary accounts controlled by members of the gang.
First you have to understand that mobile authentication is used all over Europe for bank transactions, and that U.S. banks are moving in the same direction for some services. The Eurograbber attack first infects a user's PC with a banking Trojan, using social engineering. Next it infects the user's mobile device with a second social engineering trick, in which the user is fooled again into clicking on a link that now infects their phone.
When a user with an infected machine visits a banking site, the malware intercepts the session and injects JavaScript into the page. The user is notified of a "security upgrade," which involves providing cell phone information. The cyberthieves then send a confirmation message to the phone, asking the user to click on a link that actually infects the phone.
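From the defender's side, the injection described above changes what the login page contains: an extra script and a prompt for phone details that the bank never shipped. The following is an added example, not code from the original article or from any vendor named in it; the manifest format, field names and `bank.example` URLs are assumptions made for illustration.

```javascript
// Added example: every name, URL and sample value here is constructed.
// fingerprint() is FNV-1a-style, a dependency-free stand-in for SHA-256.
function fingerprint(text) {
  let h = 0x811c9dc5;
  for (const ch of text.trim()) {
    h ^= ch.codePointAt(0);
    h = Math.imul(h, 0x01000193) >>> 0;
  }
  return h.toString(16).padStart(8, "0");
}

const GOOD_INLINE = "initLoginForm();";
const MANIFEST = { // hypothetical manifest of the genuine login page
  scriptOrigins: ["https://bank.example"],
  inlineFingerprints: [fingerprint(GOOD_INLINE)],
  fields: ["username", "password"],
};
const PHONE_HINT = /phone|mobile|msisdn/i;

// Compare a snapshot of the rendered page with the manifest.
function auditSnapshot(manifest, snap) {
  const findings = [];
  for (const s of snap.scripts) {
    if (s.src) {
      const origin = new URL(s.src, snap.pageUrl).origin;
      if (!manifest.scriptOrigins.includes(origin))
        findings.push({ kind: "foreign-script", detail: origin });
    } else if (!manifest.inlineFingerprints.includes(fingerprint(s.text))) {
      findings.push({ kind: "unknown-inline-script", detail: s.text.slice(0, 40) });
    }
  }
  for (const f of snap.fields) {
    if (manifest.fields.includes(f.name)) continue;
    const phone = f.type === "tel" || PHONE_HINT.test(f.name);
    findings.push({ kind: phone ? "phone-prompt" : "unexpected-field", detail: f.name });
  }
  return findings;
}

// Constructed snapshots: the genuine page, and the same page after an inject.
const CLEAN = {
  pageUrl: "https://bank.example/login",
  scripts: [{ src: "/static/app.js" }, { text: GOOD_INLINE }],
  fields: [{ name: "username", type: "text" }, { name: "password", type: "password" }],
};
const TAMPERED = {
  pageUrl: CLEAN.pageUrl,
  scripts: [...CLEAN.scripts, { text: "showSecurityUpgrade();" }],
  fields: [...CLEAN.fields, { name: "mobile_number", type: "tel" }],
};
```

A check that runs inside the page can be disabled by the same malware that altered the page, so findings like these are best treated as one signal reported to the bank's fraud systems rather than as a control on their own.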
The malware targets the Android and Blackberry platforms, and has not been spotted on the iPhone yet. The attacks were first spotted in Italy, and then bank customers saw the same exploit pop up in Germany, Holland and Spain after the cyber gang had done their translations, testing and quality assurance.
What you may not be aware of is that in Eastern Europe, there are people who go to work at 9 in the morning, punch the time clock, have lunch, leave the office at five and get health insurance, but what they do during the day is develop and test malware for criminal use. There are several competing criminal software companies out there, trying to outdo each other in creating the most advanced banking Trojans.
"This attack meets all the key buzzwords we hear about attacks today," Burkey said in an interview with BankInfoSecurity. "It's sophisticated in the way it goes about taking advantage of two-factor authentication. It's targeted. It's stealthy. And, unfortunately, it's successful." The exploit was first discovered in August by Versafe, an online identity-theft protection provider.
Now, how can these attacks be prevented? The bad guys go after the weak link in IT security: the human. That means they send well-crafted phishing emails that make people click because they either think they will get something for free or want to prevent a negative consequence. There are thousands of ways that the bad guys can trick someone, and only one way to prevent an attack from happening:
Security awareness training, which will arm both consumers and organizations against increasingly sophisticated malware attacks.