Newly Observed Malware Targets Online Banking: ESET

Researchers at a security firm in Slovakia are warning of malicious software they say can steal online banking credentials.

According to ESET, which makes anti-virus software for businesses and consumers, the malware hides in software that runs a majority of the world's websites.

Though the program, dubbed Linux/Chapro.A, can steal any type of content, in the scheme that ESET has identified the malware aims to steal information from customers of banks.

The code is said to inject a computer file into select web browsers that displays a request for the card verification value code, a series of three or four digits found on credit cards.

The malware camouflages itself and can relay the security code and user's credentials to computers commandeered by thieves.

"The program has many capabilities to evade detection by system administrators," Pierre Marc-Bureau, a security intelligence program manager at ESET, wrote Tuesday in a blog post. "Before serving malicious content to a visitor, multiple checks will be performed."

ESET says the version of Linux/Chapro.A it has observed targets banks in Europe and Russia, although the malware could be configured to attack U.S. banks.

According to Marc-Bureau, Linux/Chapro.A evades detection by scanning the servers of potential targets so that it does not inject itself into systems on which administrators or web developers may be working.

Before injecting itself, the malware embeds a file in the victim's browser to ensure the malware will refrain from leaving digital footprints that come with repeated injections. The malware also maintains a roster of websites that have served malicious content. Users will receive the malware only once, even if they visit the site repeatedly.

The scheme, according to Marc-Bureau, "shows the increased complexity of malware attacks."

According to ESET, the malware can erase messages that banks may post warning customers that the bank will never ask them to enter card data.

ESET says it has not determined whether "the same group of people are behind the entire operation or whether multiple gangs collaborated" to deploy it.

The warning by ESET comes roughly a week after a researcher at McAfee said an operation conceived by two Russian hackers to steal information from customers at dozens of U.S. banks in the coming year may be credible.
