ID: IRCNE2012121696
Date: 2012-12-08
According to "zdnet", a paper released by Checkpoint suggests that hackers working in Eastern Europe have systematically been able to swipe approximately $47 million through the use of a trojan that infiltrates smartphones. The infestation, dubbed "Eurograbber", is a trojan variant based on the Zeus and Zitmo banking malware.
According to the firm, by intercepting two-step authentication text messages sent to mobile phone users -- with a particular bend towards BlackBerry and Android models -- amounts ranging between 500 and 250,000 euros have been stolen from over 30,000 banking customers.
Eurograbber hits in multiple stages. After unknowingly clicking on a phishing email -- and possibly through visiting a malicious website -- the trojan is downloaded on to the victim's computer. Once a banking customer logs into their bank account, the banking session is intercepted and malicious javascript code is injected into the banking page. The customer is then notified of a "security upgrade" and instructed to click on an attached link via an SMS message sent to their submitted mobile phone number.
This stage triggers a file download to the customer's mobile with a variant of the Zitmo trojan customised for different operating systems, namely Android, BlackBerry and Windows, and the customer receives a "verification code" which they must input through their desktop on the now-malicious banking page.
Once input, the javascript informs the banking customer the security upgrade is complete, and the trojan's work can begin.
The Eurograbber trojan, although targeted at Android and BlackBerry smartphones, has also been found to include variants designed for Windows models. According to the research firm, both corporate and private banking users have been affected.
Attacks began in Italy, and soon the exploit hit the shores of Germany, Spain and Holland. Cases have only been documented in Europe so far, but it is possible that countries outside of the European Union may also eventually become targets of the Eurograbber trojan.
- 2