(LiveHacking.Com) – A sophisticated and complex attack has been used to systemically steal millions from banking customers, both corporate and private, across Europe. By using a combination of malware for the PC and malware for mobile, the attackers have been able to intercept SMS messages used by banks as part of their two-factor authentication process. First the attackers would infect the victim’s PC and then infected their mobile. Once the two-factor authentication was bypassed, the criminals used the corresponding transaction authentication number (TAN), to automatically transfers of funds from the victims’ accounts. The sums varied in size from €500 to €250,000.
According to Check Point, the firewall maker, an estimated €36+ million has been stolen from more than 30,000 corporate and private bank accounts. This attack campaign has been named “Eurograbber” by Versafe and Check Point Software Technologies who have released a case study about the criminals activities. By using a variation of the Zeus-In-The-Mobile Trojan the victim’s online banking sessions were completely monitored and manipulated by the attackers. The mobile part of the attack used malware developed for both the Blackberry and Android platforms.
“Cyberattacks are constantly evolving to take advantage of the latest trends. As online and mobile banking continue to grow, we will see more targeted attacks in this area, and Eurograbber is a prime example,” said Gabi Reish, Head of Product Management at Check Point Software Technologies. “The best way to prevent these attacks is with a multi-layered security solution that spans network, data, and endpoints, powered by real time threat intelligence.”
In the on-going battle between cyber-criminals and IT infrastructure designers, cyberattacks have become more sophisticated. The Eurograbber attack has found the weakest link in the chain, the banking customers and their devices. In this case by unwittingly installing malware on their PC and phone the victims allowed the attackers to launch and automate their attacks and avoid traceability.
Checkpoint has notified the banks involved and it is actively working with law enforcement agencies to halt any current or future attacks. The report ends by reminding individual users that they must be steadfast in ensuring all of their desktops, laptops and tablets have all possible security layers enabled and that they are kept current with software and security updates to ensure the best protection possible.