Malware authors revert to phishing approach to trick bank defenses
Posted on 12.02.2013
Banking malware that performs Man-in-the-Browser (MitB) tricks, such as injecting additional forms into legitimate banking sites or hijacking the authenticated session to add a new payee and transfer money in the background, has had much success in the past.

But as financial institutions have reacted to the existence of this malware and implemented systems for monitoring the online sessions between customers and their web applications, the actions of malware employing the MitB approach, such as Tinba, Tilon, Shylock and others, are increasingly detected and thwarted. Consequently, the malware authors have had to resort to new tricks to avoid detection.

Trusteer has discovered that Tinba and Tilon have recently been modified to try out a simpler approach: phishing and blocking users from the actual banking page.

"When the customer accesses the bank's website, the malware presents a completely fake web page that looks like the bank login page. Once the customer enters their login credentials into the fake page the malware presents an error message claiming that the online banking service is currently unavailable. In the meantime, the malware sends the stolen login credentials to the fraudster who then uses a completely different machine to log into the bank as the customer and executes fraudulent transactions," explains Trusteer CTO Amit Klein.

"If the login or transaction requires two-factor authentication (OTP tokens, card and reader, etc.) the malware captures this information as part of the fake login page. Using this tactic the malware never lets the customer reach the bank's login page, which prevents backend security systems from being able to detect malware anomalies in the session and identify the fraud."

The good news is that fraud attempts associated with these new versions of Tinba and Tilon are still limited. The bad news is that banks that haven't covered both attack vectors - session hijacking and credential theft - are putting their customers at risk.

