Feeds

New Trojan preys on commercial banking customers

Feeding on fat cats

Beginner's guide to SSL certificates

A researcher has uncovered malware that targets commercial bank customers by logging into their online accounts and wiring large sums to accounts under the control of criminals.

The Prg Bank Trojan is known to have cost victims at least $200,000, but the actual damage is suspected to be much higher, said Don Jackson, a researcher with Security services provider SecureWorks. The software has attacked commercial clients of about 20 banks in the US, the UK, Spain and Italy over the past six months.

Jackson attributes the malware's success to several clever design features. For one, hackers are alerted each time an online transaction is initiated, allowing the account to be compromised without having to enter a victim's username and password. In addition, the trojan is notable for a focus on commercial banking clients.

"These people have high balances and by default, because the liability for these accounts is on the business and not the bank, they have access to wire transfers," he told El Reg.

The malware is a variant of the Prg Trojan, which logs all data entered into a web browser and transmits it to its authors. The older Trojan has been in the wild for more than a year and is known to have stolen social security numbers, credit card details and other personal details for more than 50,000 victims, according to SecureWorks. The new banking version was unleashed about six months ago and is the handiwork of a Russian cybergang known as UpLevel.

Prg Trojan spreads through malicious links embedded in emails and from booby-trapped iFrames injected into websites. Once Prg is installed, hackers use stolen information to spear phishing victims who control commercial bank accounts by sending a well-crafted email that purports to be from their bank. It entreats the mark to download a new soft token, client certificate or security code. When victims take the bait, the updated Prg Banking Trojan is installed.

The update phones home every time the victim does online banking, allowing the hacker to piggyback on sessions. The malware simulates the keystrokes a user would be expected to type if requesting a wire transfer. Because each bank's website is different, the Trojan is customized for about 20 different institutions, Jackson said.

Through work with law enforcement investigators, Jackson has seen losses of $200,000, but because he believes he is seeing only about 10 percent of the operation, he believes total losses could be as high as $1m. ®

Protecting users from Firesheep and other Sidejacking attacks with SSL

More from The Register

next story
Spies would need SUPER POWERS to tap undersea cables
Why mess with armoured 10kV cables when land-based, and legal, snoop tools are easier?
Early result from Scots indyref vote? NAW, Jimmy - it's a SCAM
Anyone claiming to know before tomorrow is telling porkies
Jihadi terrorists DIDN'T encrypt their comms 'cos of Snowden leaks
Intel bods' analysis concludes 'no significant change' after whistle was blown
TOR users become FBI's No.1 hacking target after legal power grab
Be afeared, me hearties, these scoundrels be spying our signals
Home Depot: 56 million bank cards pwned by malware in our tills
That's about 50 per cent bigger than the Target tills mega-hack
Hackers pop Brazil newspaper to root home routers
Step One: try default passwords. Step Two: Repeat Step One until success
China hacked US Army transport orgs TWENTY TIMES in ONE YEAR
FBI et al knew of nine hacks - but didn't tell TRANSCOM
Microsoft to patch ASP.NET mess even if you don't
We know what's good for you, because we made the mess says Redmond
NORKS ban Wi-Fi and satellite internet at embassies
Crackdown on tardy diplomatic sysadmins providing accidental unfiltered internet access
prev story

Whitepapers

Providing a secure and efficient Helpdesk
A single remote control platform for user support is be key to providing an efficient helpdesk. Retain full control over the way in which screen and keystroke data is transmitted.
WIN a very cool portable ZX Spectrum
Win a one-off portable Spectrum built by legendary hardware hacker Ben Heck
Saudi Petroleum chooses Tegile storage solution
A storage solution that addresses company growth and performance for business-critical applications of caseware archive and search along with other key operational systems.
Protecting users from Firesheep and other Sidejacking attacks with SSL
Discussing the vulnerabilities inherent in Wi-Fi networks, and how using TLS/SSL for your entire site will assure security.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.