Europeans Lose $47 Million in Mobile Malware Attack
Western-Europeans have lost 47 million dollars in only a few months, following a massive malware attack targeting both Windows computers and mobile users. According to a report issued by security software company CheckPoint, the group of cyber-criminals used a piece of malware called Eurograbber, an application that spun off the notorious Zeus banking Trojan.
The attack starts with a spammy message including a link. As the user clicks the malicious link, they are carried to an exploit page which installs the malware in the background. This piece of malware is then used by cyber-criminals to modify the HTML pages of the banks in real-time from within the browser as the user tries to log in.
The malware also injects another field in the login form that asks the user for the mobile number. If the mobile number is provided, the user would get a malicious message rigged with ZitMO, a mobile version of Zeus that lurks on the device and intercepts messages. ZitMO works on Android, BlackBerry and Windows Mobile phones.
In order to secure transactions, some banks approve transactions only after they have been confirmed. Shortly put, the bank would send a SMS message containing a unique code (mTAN or mobile Transaction Authorization Number) that the user needs to use in order to validate the transfer. Since the attackers had full control of both the browser and the user`s mobile phone, they could easily move funds from one account to another without any problems.
“Online banking customers should make efforts to ensure their computer is current and to also conduct their online banking transactions from the most secure environment possible. A computer that is current in OS and application updates and security protections combined with an office network that is protected with multiple layers of security will provide the most protection against attacks like Eurograbber,“ concludes the report.
Watch Out for These Ongoing Bank of America Phishing Campaigns Targeting Customers in the US
July 16, 2021
How to protect yourself against cyberstalking
July 06, 2021
The Top Five Security Risks Smartphone Users Face Today
July 02, 2021
Phishing Alert: Scammers Use Fake SharePoint and DocuSign Messages to Steal Users’ Login Credentials
July 02, 2021
Your Doxxing Dossier Will Keep Growing Thicker Until You See the Danger
June 30, 2021
Mobile security threats: reality or myth?
June 13, 2021
FOLLOW US ON
You might also like
July 23, 2021
July 22, 2021
July 20, 2021