Banking Malware Strains Dumb Down Their Approaches


Two strains of financial malware originally designed to monitor web sessions between a bank and its customers in real time have changed tactics. They are now duping victims through simpler means, says computer security company Trusteer.

In the past, the toolkits, Tinba and Tilon, committed their brand of fraud by hijacking a customer's banking session to set up a new payee and a bank transfer. They would monitor web sessions between a customer and their bank in real time, and change data on the fly. After a customer logged in, the malware would hijack the authenticated session to add a new payee and transfer money in the background. "This fraud tactic requires the malware to sit inside the customer's browser, analyze the traffic, and react to it based on deep understanding of how the bank's application works," said Trusteer in a blog post published today.

But recently banks have caught on. They are now implementing sophisticated countermeasures that catch such attacks. "Banks are deploying protection layers to monitor the online sessions between customers and their web applications," the blog states. "These security systems are capable of detecting anomalies, during the session, that indicate malware-initiated activity."

So, in response, these twin toolkits have dumbed down the method of their crimes.

Instead of the traditional method of tampering with the session in real time, the malware now employs a man-in-the-middle attack.

The new method works like this, Trusteer says: Tinba and Tilon now create a fake web page automatically, once a bank customer tries to log in through her online banking portal. "Once the customer enters their login credentials into the fake page, the malware presents an error message claiming that the online banking service is currently unavailable," the company said in the blog post.

"In the meantime, the malware sends the stolen login credentials to the fraudster who then uses a completely different machine to log into the bank as the customer and execute fraudulent transactions." If the login requires a second level of authentication, Tinba and Tilon capture that information through their fake web page, as well.