ID: IRCNE2013071895
Date: 2013-07-01
According to Computerworld, researchers from security vendor Trusteer report that a new variant of the Citadel financial malware uses in-browser injection techniques combined with extensive content localization to steal log-in credentials and credit card information from users in different countries.
Citadel has the ability to modify or replace websites opened by users on infected computers. This is known as a man-in-the-browser attack and is frequently used by financial Trojan programs to trick users into exposing their log-in details and other sensitive information.
The new Citadel variant targets users of social networks, banks and major e-commerce sites, including Amazon and its local versions in France, Spain, Italy and Germany, the Trusteer researchers said in a blog post.
When the targeted websites are accessed from computers infected with the new Citadel variant, the malware replaces them with rogue versions that claim users' accounts were blocked because of suspicious activity. The victims are then asked to input their personal and credit card information in order to confirm that they are the legitimate owners of the accounts and proceed to unlock them.
This particular social engineering technique has been used for years in phishing attacks. However, unlike in traditional phishing, when websites are modified locally by Citadel or similar malware, the URLs displayed in the browser's address bar are those of the legitimate websites.
Based on data collected and analyzed by Trusteer, the company's researchers estimate that several thousand computers have been infected with this new Citadel variant so far.