New bank theft software hits three continents

By Hum
in Back Page News

 Share

Recommended Posts

Grand Master

Hum

Posted
Posted

(Reuters) - A new wave of automated hacking of online bank accounts might have stolen $78 million in the past year from customers in Europe, Latin America and the United States, according to researchers who peered into the computers of the hacking gangs.

The groups used recent improvements to two families of existing malicious software, known as Zeus and SpyEye, which lodged on the computers of clients at 60 banks.

While previous versions of the software have proved adept at stealing logon information, the latest variants automate the subsequent transfer of funds to accounts controlled by accomplices.

The findings, to be released on Tuesday by security firms McAfee and Guardian Analytics, confirmed and expanded on research from Japan-based Trend Micro Inc that was first reported last week by Reuters.

"This looks like the beginning of a new technique," said Guardian's Vice President Craig Priess, whose firm specializes in protecting banks.

The software is sophisticated enough to defeat "chip and PIN" and other two-factor authentication and to avoid transferring the entire contents of an account at one time, which can trigger review, according to the study.

Trend Micro said it had seen the automated versions in action in Germany, the United Kingdom and Italy.

Guardian and Intel Corp-owned McAfee said the same technology, while still emerging, had been used by a dozen gangs against consumers and business clients of financial institutions in those countries and Colombia, the Netherlands, and the United States.

"Someone designing this system has insider knowledge as to what the banks are looking for," said Dave Marcus, research director at Mcafee Labs.

Server logs viewed by the researchers saw commands from the fraud rings to transfer a total of $78 million, including $130,000 from one account. The banks may have been able to block some of those transactions, the researchers acknowledged.

Though written and controlled by different groups, SpyEye and Zeus share the ability to be installed on computers that visit malicious websites or legitimate pages that have been compromised by hackers, as well as through tainted links in emails.

The programs already have used a technique called "web injection" to generate new entry fields when victims log on to any number of banks or other sensitive websites. Instead of seeing a bank ask for an account number and password, for example, a victimized user sees requests for both of those and an ATM card number. All that information is sent to the hacker, who signs in and transfers money to an accomplice's account.

full story

This topic is now closed to further replies.
 Share
Go to topic listing

  • Posts

    • Why it's almost impossible to produce a smartphone in the United States

      By Asgardi · Posted

      Ridiculous claim that the labor cost difference of $6000 annually would increase cost per phone by $200. The employees produce 3 phones per month or what?
    • Sparkle 2.20.1

      By Copernic · Posted

      Sparkle 2.20.1 by Razvan Serea Sparkle is a free, open-source Windows optimization tool designed to make your PC faster, cleaner, and more private. With Sparkle, you can easily debloat Windows by removing unnecessary apps and services, disable Microsoft tracking to enhance privacy, and apply performance tweaks to boost speed. Its cleaner removes junk and temporary files, while every change is safe and fully reversible. Sparkle also features a modern, user-friendly interface with automatic updates, making system maintenance simple. Explore over 39 tweaks, from disabling telemetry and hibernation to optimizing network and game settings, all aimed at customizing and enhancing your Windows experience. Sparkle supports Windows 10 and 11. Sparkle 2.20.1 changelog: You can now change the Animation Direction from Up, Left, or Off. Added configurable animation direction (Up, Left, Off) for improved accessibility Added TTL caching to the system info backend Refactored tweak application flow to await NvidiaProfileInspector Improved IPC listener cleanup to correctly remove specific listeners Fixed online status not updating after successful network requests Updated system info tests to support backend caching Removed electron-toolkit utils dependency in favor of internal is.dev helper Fixed unwanted files and folders being included in application bundles Download: Sparkle 2.20.1 | Portable | ~100.0 MB (Open Source) Links: Sparkle Website | Github | Screenshot Get alerted to all of our Software updates on Twitter at @NeowinSoftware
    • The best controller for XBOX and PC is down to the lowest price

      By Figure 8 Dash · Posted

      Never used the G7 Pro, but I've never had a good experience with that style of d-pad and fighting games.
    • Sihoo Doro C300 Pro V2 Ergonomic Office Chair review: The Ikea of chairs

      By Figure 8 Dash · Posted

      And I just bought a seat cushion for my mesh chair. The chair feels nice but the first time I sat in it with boxers, I realized I don't like the feel of mesh on my legs. 😂
    • This Dell 27 inch 4K 120Hz IPS monitor is really cheap after a very long time

      By jordanspringer · Posted

      "This Dell 27 inch 4K 120Hz IPS monitor is really cheap after a very long time" ... Lol.

  • Recent Achievements

    • Dedicated
      Asgardi earned a badge
      Dedicated
    • Conversation Starter
      jessse3334 earned a badge
      Conversation Starter
    • Reacting Well
      JuvenileDelinquent earned a badge
      Reacting Well
    • One Month Later
      Excellence2025 earned a badge
      One Month Later
    • Week One Done
      Excellence2025 earned a badge
      Week One Done

  • Popular Contributors

    1. 1
      +primortal
      499
    2. 2
      +Edouard
      247
    3. 3
      PsYcHoKiLLa
      153
    4. 4
      Steven P.
      84
    5. 5
      macoman
      64
    Show More

  • Tell a friend

    Love Neowin? Tell a friend!