EMC Corp.'s RSA Security said it has discovered a malicious program that disguises itself as an online banking security tool.
The Trojan horse, distributed through phishing e-mails primarily to owners of business bank accounts, purports to be a security certificate that is needed for online banking, RSA said in a report published last week. Once installed, the file attempts to steal passwords from its victims.
The attack has been used only by the Rock Phish gang, a prominent group of phishing scammers, the report said. Because the scam requires action by the victim, it has not been widely used even by that gang, RSA said.
"We believe it is the custom work of the Rock Phish gang, or that it is crimeware developed especially for the gang," which has perpetrated about half of the world's phishing attacks, RSA said.
