Feeds

SpyEye banking trojan: now with SMS hijacking capability

One-time passwords zapped to fraudsters

Remote control for virtualized desktops

The SpyEye banking trojan has acquired the ability to reroute one-time passwords sent to victims' cellphones, a measure that bypasses protections more and more financial institutions are adopting.

According to a blog post published Wednesday by a researcher from security firm Trusteer, SpyEye was recently observed trying to trick victims into reassigning the cellphone number they use to receive one-time passwords from their banks by SMS, or short message service. The social-engineering ploy is contained in fraudulent pages injected into their online banking sessions that falsely claim they have been assigned a unique telephone number dedicated for that purpose and a special SIM card will be received in the mail shortly.

Warning injected by SpyEye into online banking session

SpyEye injects this message (translated from Spanish) into some victims' online banking session.

“Now the fraudsters can receive all future SMS transaction verification codes for the hijacked account via their own telephone network,” Trusteer researcher Amit Klein wrote. “This allows them to use the SMS confirmation system to divert funds from the customer's account without their knowledge, while not triggering any fraud detection alarms.”

As the cost of online banking fraud has skyrocketed, many financial institutions have embraced the use of out-of-band authentication to reduce the effectiveness of SpyEye, ZeuS, and other trojans that steal online banking credentials entered into infected computers. The protections work by requiring customers to enter a one-time password sent by the bank to her phone before a large transaction is completed. The additional step often foils bank fraud even if a crook has the victim's user name and password.

In true cat-and-mouse fashion, malware developers have responded by building new features that bypass these countermeasures.

SpyEye, which recently merged with the ZeuS codebase, has been one of the leaders in figuring out new ways to defeat such countermeasures. Last month, SpyEye operators began bundling the it with malware that intercepts one-time passwords sent by SMS. SpyEye has been observed doing much the same thing to BlackBerry users, as well.

The fraudulent message claiming the cellphone number must be reassigned is injected into victims' online banking sessions by the SpyEye malware infecting their machines. ®

Remote control for virtualized desktops

More from The Register

next story
Webcam hacker pervs in MASS HOME INVASION
You thought you were all alone? Nope – change your password, says ICO
You really need to do some tech support for Aunty Agnes
Free anti-virus software, expires, stops updating and p0wns the world
Meet OneRNG: a fully-open entropy generator for a paranoid age
Kiwis to seek random investors for crowd-funded randomiser
USB coding anarchy: Consider all sticks licked
Thumb drive design ruled by almighty buck
Attack reveals 81 percent of Tor users but admins call for calm
Cisco Netflow a handy tool for cheapskate attackers
Privacy bods offer GOV SPY VICTIMS a FREE SPYWARE SNIFFER
Looks for gov malware that evades most antivirus
Patch NOW! Microsoft slings emergency bug fix at Windows admins
Vulnerability promotes lusers to domain overlords ... oops
prev story

Whitepapers

Choosing cloud Backup services
Demystify how you can address your data protection needs in your small- to medium-sized business and select the best online backup service to meet your needs.
Forging a new future with identity relationship management
Learn about ForgeRock's next generation IRM platform and how it is designed to empower CEOS's and enterprises to engage with consumers.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.
Choosing a cloud hosting partner with confidence
Download Choosing a Cloud Hosting Provider with Confidence to learn more about cloud computing - the new opportunities and new security challenges.
New hybrid storage solutions
Tackling data challenges through emerging hybrid storage solutions that enable optimum database performance whilst managing costs and increasingly large data stores.