Eurograbber Lets Attackers Steal 36 Million Euros From Banks, Customers

Published: 22/11/2024   Category: security



Cybercriminals combine new Trojan with SMS malware to crack online banking systems



Researchers say they have identified and thwarted a malware attack that enabled attackers to steal more than 36 million euros from more than 30,000 online banking customers in Europe.
The attack, dubbed Eurograbber, infected users' PCs with a new version of the Zeus Trojan, and then convinced them to download malware to their cell phones, defeating the second factor of authentication and exposing online banking accounts to slow data theft, according to researchers at security vendor Check Point Software and Versafe, an online fraud prevention vendor.
"It was a targeted, multistage, sophisticated attack that used two different Trojans to infect both the online banking system and the user's phone," says Darrell Burkey, director of IPS at Check Point. "It broke through both the first factor of authentication on the banking system and the second factor of authentication, which in Europe is often an SMS-based cell phone."
The attack affected more than 30,000 accounts at more than 30 banks throughout Europe, the researchers say. The criminals stole money in small amounts from both personal and corporate accounts so as not to be immediately detected.
The researchers shared their discovery with the affected banks and law enforcement agencies, and the infrastructure that was used to crack the online banking systems has been taken down, Check Point and Versafe say. The perpetrators of the crime have not been identified.
"We're not saying that it couldn't come back," says Eyal Gruner, security engineer at Versafe. "When the infrastructure under High Roller [another malware attack] was taken down, it reappeared again later. It's still out there, but the initial command-and-control infrastructure has been taken down."
Check Point has registered a signature for the attack and its software would block it if it reappeared, Burkey says.
The attack was sophisticated in that it infected the banking system first and then sent a phishing message to customers, telling them to update the online banking software on their cell phones. The update messages appeared to come directly from the affected bank, and a significant percentage of customers fell for the ruse and downloaded the Zitmo-based malicious software to their phones, the researchers say.
"It's definitely one of the most sophisticated banking attacks we've seen," Burkey says.