Western-Europeans have lost 47 million dollars in only a few months, following a massive malware attack targeting both Windows computers and mobile users. According to a report issued by security software company CheckPoint, the group of cyber-criminals used a piece of malware called Eurograbber, an application that spun off the notorious Zeus banking Trojan.
The attack starts with a spammy message including a link. As the user clicks the malicious link, they are carried to an exploit page which installs the malware in the background. This piece of malware is then used by cyber-criminals to modify the HTML pages of the banks in real-time from within the browser as the user tries to log in.
The malware also injects another field in the login form that asks the user for the mobile number. If the mobile number is provided, the user would get a malicious message rigged with ZitMO, a mobile version of Zeus that lurks on the device and intercepts messages. ZitMO works on Android, BlackBerry and Windows Mobile phones.
In order to secure transactions, some banks approve transactions only after they have been confirmed. Shortly put, the bank would send a SMS message containing a unique code (mTAN or mobile Transaction Authorization Number) that the user needs to use in order to validate the transfer. Since the attackers had full control of both the browser and the userâ€™s mobile phone, they could easily move funds from one account to another without any problems.
â€œOnline banking customers should make efforts to ensure their computer is current and to also conduct their online banking transactions from the most secure environment possible.Â A computer that is current in OS and application updates and security protections combined with an office network that is protected with multiple layers of security will provide the most protection against attacks like Eurograbber,â€ concludes the report.