TulipTools Internet Business Owners and Online Sellers Community

Quote:Russian thieves have stolen more than €1m (£680,000) from personal bank accounts in France using "sleeper bugs" to infect computers. French authorities claim the thieves can take control of and empty a bank account in seconds. In one hit, a bank customer lost €40,000.

Police say the virus is embedded in emails or websites and remains dormant until the user contacts their bank online. When that happens, the bug becomes active and records passwords and bank codes which are then forwarded to the thieves. They then use the information to check the victim has money in the bank before transferring funds to the accounts of third parties, known as mules, who may have agreed to allow money to pass through their accounts in return for a commission of between 5% and 10%.

Quote:Cyber criminals are surfing into online banks with you to steal your money.

Password-stealing Trojan horses used to be all the rage. The software would nestle itself on a PC after opening a bad email attachment or visiting a malicious website. But in response to the increased adoption of stronger authentication, cyber criminals are changing their tactics...

..."We have recently seen a move away from stealing username and passwords." The new "bank-stealing Trojans" wait until the victim has actually logged in to their bank. "It then just transfers the money out."...

The bank-stealing Trojans are programmed to work with specific online banking websites...

Quote:Two Trojan horses with distinctive traits have been flagged by security researchers: one that hijacks one-time-use passwords, and another that hides behind a rootkit.

The unrelated malicious programs, reported this week by security companies, represent new twists thought up by hackers in their development of Trojan horses, which are harmful programs disguised to look like innocent software.

Banks in the United Kingdom, Germany and Spain have been targeted by MetaFisher, otherwise known as Spy-Agent and PWS. After infecting a computer, the Trojan horse waits until the user visits a legitimate bank Web site, then injects malicious HTML into certain fields there. The program then hijacks one-time-use PINs and transaction numbers as the person enters them into the fields.

As a result, those one-time PINs and transaction numbers are never logged onto the Web site and they remain valid...

Quote:Banking Trojans are perhaps the most malicious form of malware today, with the express purpose of taking your money directly from your bank account.

Regardless of how much damage they may have done in the past, a new generation of banking Trojans is beginning to appear, and they're game for even more pilfering, according to at least one security researcher...

The second generation (2G) Banking Trojans are more targeted and come pre-packaged looking for specific information to automatically steal...