Malware called Eurograbber steals 36 million Euros

If cybercriminals were promoting their malware, they would surely call Eurograbber 'next-generation' Zeus crimeware. This is (a lot) more than your run-of-the-mill banking Trojan. These guys have penetrated SMS-based 2-factor authentication and are exploiting it at full speed, Check Point Software Ltd intrusion prevention product manager Darrell Burkey announced. What's most concerning, as per Burkey, is how smartly the criminals engineered this malware. "The attack specifically targeted a certain type of authentication," he stated. The new version has already stolen more than 36 million Euros ($47 million U.S.) from roughly 30,000 accounts at European banks, belonging to both consumer and corporate users, performing automatic transfers that varied from €500 to €250,000 to intermediary accounts controlled by members of the gang.

First you have to understand that mobile authentication is used all over Europe for bank transactions, and that U.S. banks are moving in the same direction for some services. The Eurograbber attack first infects a user's PC with a banking Trojan, using social engineering. Next, it infects the user's mobile device with a second social engineering trick: the user is fooled again into clicking on a link, which this time infects their phone.

When a user with an infected machine visits a banking site, the malware intercepts the session and injects JavaScript into the page. The user is notified of a "security upgrade," which involves providing cell phone information. The cyberthieves then send a confirmation message to the phone, asking the user to click on a link that actually infects the phone.

The malware targets the Android and Blackberry platforms, and has not been spotted on the iPhone yet. The attacks were first spotted in Italy, and then bank customers saw the same exploit pop up in Germany, Holland and Spain after the cyber gang had done their translations, testing and quality assurance.

What you may not be aware of is that in Eastern Europe, there are some people who go to work at 9 in the morning, punch the time clock, have lunch, leave the office at five and get health insurance, but what they do during the day is develop and test malware for criminal use. There are several competing criminal software companies out there, trying to outdo each other in creating the most advanced banking Trojans.

"This attack meets all the key buzzwords we hear about attacks today," Burkey says during an interview with BankInfoSecurity. "It's sophisticated in the way it goes about taking advantage of two-factor authentication. It's targeted. It's stealthy. And, unfortunately, it's successful." The exploit was first discovered in August by Versafe, an online identity-theft protections provider.

Now, how can these attacks be prevented? The bad guys go after the weak link in IT security: the human. That means they send well-crafted phishing emails that make people click because they either think they will get something for free or want to prevent a negative consequence. There are thousands of ways that the bad guys can trick someone, and only one way to prevent an attack from happening: security awareness training, which will arm both consumers and organizations against increasingly sophisticated malware attacks.
