Feeds

New Trojan preys on commercial banking customers

Feeding on fat cats

The essential guide to IT transformation

A researcher has uncovered malware that targets commercial bank customers by logging into their online accounts and wiring large sums to accounts under the control of criminals.

The Prg Bank Trojan is known to have cost victims at least $200,000, but the actual damage is suspected to be much higher, said Don Jackson, a researcher with Security services provider SecureWorks. The software has attacked commercial clients of about 20 banks in the US, the UK, Spain and Italy over the past six months.

Jackson attributes the malware's success to several clever design features. For one, hackers are alerted each time an online transaction is initiated, allowing the account to be compromised without having to enter a victim's username and password. In addition, the trojan is notable for a focus on commercial banking clients.

"These people have high balances and by default, because the liability for these accounts is on the business and not the bank, they have access to wire transfers," he told El Reg.

The malware is a variant of the Prg Trojan, which logs all data entered into a web browser and transmits it to its authors. The older Trojan has been in the wild for more than a year and is known to have stolen social security numbers, credit card details and other personal details for more than 50,000 victims, according to SecureWorks. The new banking version was unleashed about six months ago and is the handiwork of a Russian cybergang known as UpLevel.

Prg Trojan spreads through malicious links embedded in emails and from booby-trapped iFrames injected into websites. Once Prg is installed, hackers use stolen information to spear phishing victims who control commercial bank accounts by sending a well-crafted email that purports to be from their bank. It entreats the mark to download a new soft token, client certificate or security code. When victims take the bait, the updated Prg Banking Trojan is installed.

The update phones home every time the victim does online banking, allowing the hacker to piggyback on sessions. The malware simulates the keystrokes a user would be expected to type if requesting a wire transfer. Because each bank's website is different, the Trojan is customized for about 20 different institutions, Jackson said.

Through work with law enforcement investigators, Jackson has seen losses of $200,000, but because he believes he is seeing only about 10 percent of the operation, he believes total losses could be as high as $1m. ®

5 things you didn’t know about cloud backup

More from The Register

next story
Ice cream headache as black hat hacks sack Dairy Queen
I scream, you scream, we all scream 'DATA BREACH'!
Goog says patch⁵⁰ your Chrome
64-bit browser loads cat vids FIFTEEN PERCENT faster!
Chinese hackers spied on investigators of Flight MH370 - report
Classified data on flight's disappearance pinched
KER-CHING! CryptoWall ransomware scam rakes in $1 MEEELLION
Anatomy of the net's most destructive ransomware threat
NIST to sysadmins: clean up your SSH mess
Too many keys, too badly managed
Scratched PC-dispatch patch patched, hatched in batch rematch
Windows security update fixed after triggering blue screens (and screams) of death
Researchers camouflage haxxor traps with fake application traffic
Honeypots sweetened to resemble actual workloads, complete with 'secure' logins
Attack flogged through shiny-clicky social media buttons
66,000 users popped by malicious Flash fudging add-on
prev story

Whitepapers

Gartner critical capabilities for enterprise endpoint backup
Learn why inSync received the highest overall rating from Druva and is the top choice for the mobile workforce.
Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Rethinking backup and recovery in the modern data center
Combining intelligence, operational analytics, and automation to enable efficient, data-driven IT organizations using the HP ABR approach.
Consolidation: The Foundation for IT Business Transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.
Next gen security for virtualised datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.