Feeds

New Trojan preys on commercial banking customers

Feeding on fat cats

The Power of One eBook: Top reasons to choose HP BladeSystem

A researcher has uncovered malware that targets commercial bank customers by logging into their online accounts and wiring large sums to accounts under the control of criminals.

The Prg Bank Trojan is known to have cost victims at least $200,000, but the actual damage is suspected to be much higher, said Don Jackson, a researcher with Security services provider SecureWorks. The software has attacked commercial clients of about 20 banks in the US, the UK, Spain and Italy over the past six months.

Jackson attributes the malware's success to several clever design features. For one, hackers are alerted each time an online transaction is initiated, allowing the account to be compromised without having to enter a victim's username and password. In addition, the trojan is notable for a focus on commercial banking clients.

"These people have high balances and by default, because the liability for these accounts is on the business and not the bank, they have access to wire transfers," he told El Reg.

The malware is a variant of the Prg Trojan, which logs all data entered into a web browser and transmits it to its authors. The older Trojan has been in the wild for more than a year and is known to have stolen social security numbers, credit card details and other personal details for more than 50,000 victims, according to SecureWorks. The new banking version was unleashed about six months ago and is the handiwork of a Russian cybergang known as UpLevel.

Prg Trojan spreads through malicious links embedded in emails and from booby-trapped iFrames injected into websites. Once Prg is installed, hackers use stolen information to spear phishing victims who control commercial bank accounts by sending a well-crafted email that purports to be from their bank. It entreats the mark to download a new soft token, client certificate or security code. When victims take the bait, the updated Prg Banking Trojan is installed.

The update phones home every time the victim does online banking, allowing the hacker to piggyback on sessions. The malware simulates the keystrokes a user would be expected to type if requesting a wire transfer. Because each bank's website is different, the Trojan is customized for about 20 different institutions, Jackson said.

Through work with law enforcement investigators, Jackson has seen losses of $200,000, but because he believes he is seeing only about 10 percent of the operation, he believes total losses could be as high as $1m. ®

The Power of One eBook: Top reasons to choose HP BladeSystem

More from The Register

next story
HIDDEN packet sniffer spy tech in MILLIONS of iPhones, iPads – expert
Don't panic though – Apple's backdoor is not wide open to all, guru tells us
BMW's ConnectedDrive falls over, bosses blame upgrade snafu
Traffic flows up 20% as motorway middle lanes miraculously unclog
LibreSSL RNG bug fix: What's all the forking fuss about, ask devs
Blow to bit-spitter 'tis but a flesh wound, claim team
Mozilla fixes CRITICAL security holes in Firefox, urges v31 upgrade
Misc memory hazards 'could be exploited' - and guess what, one's a Javascript vuln
Manic malware Mayhem spreads through Linux, FreeBSD web servers
And how Google could cripple infection rate in a second
Don't look, Snowden: Security biz chases Tails with zero-day flaws alert
Exodus vows not to sell secrets of whistleblower's favorite OS
Putin: Crack Tor for me and I'll make you a MILLIONAIRE
Russian Interior Ministry offers big pile o' roubles for busting pro-privacy browser
Researcher sat on critical IE bugs for THREE YEARS
VUPEN waited for Pwn2Own cash while IE's sandbox leaked
prev story

Whitepapers

Top three mobile application threats
Prevent sensitive data leakage over insecure channels or stolen mobile devices.
Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Top 8 considerations to enable and simplify mobility
In this whitepaper learn how to successfully add mobile capabilities simply and cost effectively.
Application security programs and practises
Follow a few strategies and your organization can gain the full benefits of open source and the cloud without compromising the security of your applications.
The Essential Guide to IT Transformation
ServiceNow discusses three IT transformations that can help CIO's automate IT services to transform IT and the enterprise.