Feeds

New Trojan preys on commercial banking customers

Feeding on fat cats

Top 5 reasons to deploy VMware with Tegile

A researcher has uncovered malware that targets commercial bank customers by logging into their online accounts and wiring large sums to accounts under the control of criminals.

The Prg Bank Trojan is known to have cost victims at least $200,000, but the actual damage is suspected to be much higher, said Don Jackson, a researcher with Security services provider SecureWorks. The software has attacked commercial clients of about 20 banks in the US, the UK, Spain and Italy over the past six months.

Jackson attributes the malware's success to several clever design features. For one, hackers are alerted each time an online transaction is initiated, allowing the account to be compromised without having to enter a victim's username and password. In addition, the trojan is notable for a focus on commercial banking clients.

"These people have high balances and by default, because the liability for these accounts is on the business and not the bank, they have access to wire transfers," he told El Reg.

The malware is a variant of the Prg Trojan, which logs all data entered into a web browser and transmits it to its authors. The older Trojan has been in the wild for more than a year and is known to have stolen social security numbers, credit card details and other personal details for more than 50,000 victims, according to SecureWorks. The new banking version was unleashed about six months ago and is the handiwork of a Russian cybergang known as UpLevel.

Prg Trojan spreads through malicious links embedded in emails and from booby-trapped iFrames injected into websites. Once Prg is installed, hackers use stolen information to spear phishing victims who control commercial bank accounts by sending a well-crafted email that purports to be from their bank. It entreats the mark to download a new soft token, client certificate or security code. When victims take the bait, the updated Prg Banking Trojan is installed.

The update phones home every time the victim does online banking, allowing the hacker to piggyback on sessions. The malware simulates the keystrokes a user would be expected to type if requesting a wire transfer. Because each bank's website is different, the Trojan is customized for about 20 different institutions, Jackson said.

Through work with law enforcement investigators, Jackson has seen losses of $200,000, but because he believes he is seeing only about 10 percent of the operation, he believes total losses could be as high as $1m. ®

Remote control for virtualized desktops

More from The Register

next story
UK smart meters arrive in 2020. Hackers have ALREADY found a flaw
Energy summit bods warned of free energy bonanza
DRUPAL-OPCALYPSE! Devs say best assume your CMS is owned
SQLi hole was hit hard, fast, and before most admins knew it needed patching
Knock Knock tool makes a joke of Mac AV
Yes, we know Macs 'don't get viruses', but when they do this code'll spot 'em
Feds seek potential 'second Snowden' gov doc leaker – report
Hang on, Ed wasn't here when we compiled THIS document
Mozilla releases geolocating WiFi sniffer for Android
As if the civilians who never change access point passwords will ever opt out of this one
Why weasel words might not work for Whisper
CEO suspends editor but privacy questions remain
prev story

Whitepapers

Choosing cloud Backup services
Demystify how you can address your data protection needs in your small- to medium-sized business and select the best online backup service to meet your needs.
A strategic approach to identity relationship management
ForgeRock commissioned Forrester to evaluate companies’ IAM practices and requirements when it comes to customer-facing scenarios versus employee-facing ones.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
New hybrid storage solutions
Tackling data challenges through emerging hybrid storage solutions that enable optimum database performance whilst managing costs and increasingly large data stores.
Protecting users from Firesheep and other Sidejacking attacks with SSL
Discussing the vulnerabilities inherent in Wi-Fi networks, and how using TLS/SSL for your entire site will assure security.