Bank Fraud Toolkit Circumvents 2FA & Device Identification

  /     /     /  
Publicated : 22/11/2024   Category : security


Bank Fraud Toolkit Circumvents 2FA & Device Identification


KL-Remote is giving Brazilian fraudsters a user-friendly virtual mugging platform.



Another user-friendly attack toolkit is on the market, and its perfect for the budding Brazilian banking fraudster. Its got an attractive, user-friendly interface that includes a start phishing button. And it effectively circumvents both two-factor authentication and device identification protections.
IBM Security Trusteer
released details today about this KL-Remote, a remote overlay toolkit that performs what it calls virtual mugging. Unlike banking Trojans, KL-Remote is less automated (because wheres the fun in that). It requires attackers to do some manual sleight of hand, but it makes it very easy to pull off.
The toolkit is distributed by being embedded in other malware. It comes preloaded with a list of targeted banking URLs. When the infected user visits one of those sites, the malware operator gets an alert and can then decide whether or not to proceed with an attack.
Heres what the attackers interface looks like:
As IBM describes it, during a remote overlay attack, the criminal is virtually looking over the victims shoulder, watching his or her every move. At some point, the attacker takes direct control over the device without the victims knowledge.
When KL-Remote goes into action, it first takes a snapshot of the infected users browser screen and lays it over the real website, preventing the user from interacting with the real site. A quick click of the start phishing button begins issuing a series of prompts -- customized for each bank -- stating that the user needs to install a security update, and it tricks the user into entering the password and one-time token.
Once the user enters that data, the tool throws up a waiting message -- one of those usual installing update, this may take a few minutes messages. While the user waits, the tool takes control of the infected machines keyboard and mouse and carries out whatever fraudulent financial transactions the attacker would like with that users bank account.
The user cant see the activity, and the bank cant tell that the person conducting the transaction isnt the account holder logging in from the usual device.
The attack effectively circumvents two-factor authentication and device identification.
Instead, identifying the fraud would require a combination of detecting malware infection, use of remote access tools, abnormal browser patterns, or abnormal transactions.
For now, KL-Remote is available only in Portuguese, and it is only in use in Brazil. Researchers say it could be adapted to other languages, territories, or industries.

Last News

▸ DHS-funded SWAMP scans code for bugs. ◂
Discovered: 23/12/2024
Category: security

▸ Debunking Machine Learning in Security. ◂
Discovered: 23/12/2024
Category: security

▸ Researchers create BlackForest to gather, link threat data. ◂
Discovered: 23/12/2024
Category: security


Cyber Security Categories
Google Dorks Database
Exploits Vulnerability
Exploit Shellcodes

CVE List
Tools/Apps
News/Aarticles

Phishing Database
Deepfake Detection
Trends/Statistics & Live Infos



Tags:
Bank Fraud Toolkit Circumvents 2FA & Device Identification