SpyEye trojan hits online banking sites


A new Trojan threatens to stealthily victimize online banking customers by targeting banking transactions that use text messaging to send confirmation codes.

Researchers at Trusteer said the SpyEye Trojan lets thieves change the mobile phone number in a consumer’s online banking account and reroute text messages to the criminal’s phone.

“This latest SpyEye configuration demonstrates that out-of-band authentication (OOBA) systems, including SMS-based solutions, are not fool-proof. Using a combination of MITB (man in the browser injection) technology and social engineering, fraudsters are not only able to bypass OOBA but also buy themselves more time since the transactions have been verified and fly under the radar of fraud detection systems,” the researchers at Trusteer said.

It said the new technique allows cybercriminals to perform transactions on the consumer’s account without their knowledge.

According to the researchers, the malware first steals the login information to the consumer’s account, allowing a thief to access the account without alerting the bank or consumer.

The malware then injects a fake page into the web browser on the victim’s phone. The fake page, which resembles that of the real bank, claims a new security system is being implemented.

But for the victim to qualify for this, he or she must “register” with the bank, and part of the process includes typing the original confirmation code into the spoofed webpage.

“This allows the criminals to steal the confirmation code they need to authorize changing the customer’s mobile number,” Trusteer said.

With the code, the fraudsters can receive all future SMS transaction verification codes for the hijacked account via their own telephone network. This allows them to use the SMS confirmation system to divert funds from the customer’s account without their knowledge, while not triggering any fraud detection alarms.

“The only way to defeat this new attack once a computer has been infected with SpyEye is using endpoint security that blocks MITB techniques. Without a layered approach to security, even the most sophisticated OOBA schemes can be made irrelevant under the right circumstances,” Trusteer said. — TJD, GMA News