Feeds

SpyEye mobile banking Trojan uses same tactics as ZeuS

Give us your number, mate, we'll send you a 'digital certificate' ...

Internet Security Threat Report 2014

Cybercrooks have deployed a sophisticated man-in-the-mobile attack using the SpyEye banking Trojan toolkit.

The Trojan, which infects Windows machines, displays additional content on a targeted European bank's webpage that requests prospective marks to input their mobile phone number and the IMEI of the device. The bank customer is informed the information is needed so that a new "digital certificate" can be sent to the phone.

The so-called certificate contains the malicious executable (sms.exe) that infects Symbian-based smartphones along with another executable (SmsControl.exe) that displays a message designed to hoodwink users into believing that the only thing delivered was a digital certificate. Net security firm F-Secure detects this malware as Spitmo-A.

The European bank targeted in the attack uses SMS-based mTANs to authorise transfers. Details of how the SMS-based mTANs are delivered to the attacker are still under investigation, but preliminary research suggests that they are delivered via HTTP, and not via SMS as with an otherwise similar earlier attack that used the infamous ZeuS cybercrime toolkit.

The earlier ZeuS-based attack also used a file called SmsControl.exe as part of its payload. Presenting a Trojan as a digital certificate, one of the tricks up the sleeve of the SpyEye-based attack, also appeared in the earlier ZeuSMitmo attack. Despite these similarities, and the rumoured merger between ZeuS and SpyEye – the two biggest toolkits for banking Trojan creation – the two strains of malware are otherwise dissimilar, F-Secure reports.

More information on the SpyEye-based mobile banking Trojan attack can be found in a blog post by F-Secure here. ®

Remote control for virtualized desktops

More from The Register

next story
Download alert: Nearly ALL top 100 Android, iOS paid apps hacked
Attack of the Clones? Yeah, but much, much scarier – report
Broadband sellers in the UK are UP TO no good, says Which?
Speedy network claims only apply to 10% of customers
Virgin Media struck dumb by NATIONWIDE packet loss balls-up
Turning it off and on again fixes glitch 12 HOURS LATER
Fujitsu CTO: We'll be 3D-printing tech execs in 15 years
Fleshy techie disses network neutrality, helmet-less motorcyclists
Facebook, working on Facebook at Work, works on Facebook. At Work
You don't want your cat or drunk pics at the office
Soz, web devs: Google snatches its Wallet off the table
Killing off web service in 3 months... but app-happy bonkers are fine
Ofcom tackles complaint over Premier League footie TV rights
Virgin Media: UK fans pay the most for the fewest matches
prev story

Whitepapers

Choosing cloud Backup services
Demystify how you can address your data protection needs in your small- to medium-sized business and select the best online backup service to meet your needs.
Getting started with customer-focused identity management
Learn why identity is a fundamental requirement to digital growth, and how without it there is no way to identify and engage customers in a meaningful way.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.
Security and trust: The backbone of doing business over the internet
Explores the current state of website security and the contributions Symantec is making to help organizations protect critical data and build trust with customers.
Saudi Petroleum chooses Tegile storage solution
A storage solution that addresses company growth and performance for business-critical applications of caseware archive and search along with other key operational systems.