Researchers at a US online security company have uncovered information on a ‘next-generation’ banking Trojan that steals money from victim’s accounts while they are logged in.
Over 22 days in August, the Trojan’s operators stole nearly US$438,000 from several hundred accounts with unnamed German banks.
The Trojan is able to calculate on-the-fly how much money is available in an account and how much of the balance to steal. It calculates a maximum and minimum theft that will not trigger antifraud systems and decides on a percentage of the cash to leave in the account.
It then displays a fake balance to bankers logged into their accounts.
“The Trojan is sending requests to the bank and getting replies that your browser doesn’t display,” security company Finjin’s Yuval Ben-Itzhak told Cnet.com. “You are looking at your account and you don’t see any of it.”
About 6,400 of 90,000 computers that visited sites housing the malware were infected.
ABOUT THE AUTHOR
COMMENTS
SmartCompany is committed to hosting lively discussions. Help us keep the conversation useful, interesting and welcoming. We aim to publish comments quickly in the interest of promoting robust conversation, but we’re a small team and we deploy filters to protect against legal risk. Occasionally your comment may be held up while it is being reviewed, but we’re working as fast as we can to keep the conversation rolling.
The SmartCompany comment section is members-only content. Please subscribe to leave a comment.
The SmartCompany comment section is members-only content. Please login to leave a comment.