How Perkele Malware Attacks Bank Customers Using Android Phones

A blogger has shared a closer look at how the Perkele crime kit attacks bank customers through their Android devices and PCs.

Thieves developed Perkele to beat multifactor authentication, explains security blogger Brian Krebs. In a recent post, Krebs shared an explanation of the crime kit, which was originally brought to public attention in March.

The gimmick works when a person visits a bank website. Perkele, which interacts with Trojans like Zeus and Citadel that already live on a victim's computer, injects malicious code into the browser that asks the user for her smartphone number. That information is sent back to a hacker's "control server," which then asks the victim to scan a QR code and install an additional piece of security code.

The code is actually malware that is downloaded to the phone. It lets attackers intercept text messages and initiate transactions using software that runs in parallel on the victim's desktop. This allows it to defeat banks' requirement that payments be confirmed using a mobile device.

"When the bank sends an SMS with a one-time code, Perkele intercepts that code and sends it to the attacker's control server," writes Krebs. "Then the malicious script on the victim's PC receives the code and completes the unauthorized transaction."

The tool is sold for about $1,000.
