The German criminal police, the BKA (Bundeskriminalamt), reported the discovery of a “new Trojan”. It does not steal the login and password for the online banking account, but uses a more cunning scheme, getting the user to transfer money to someone else’s account.
The scheme is as follows. The trojan waits for the user to log into his account, then displays a message saying that money was allegedly credited to the user's account and that the account will be frozen until the user returns it. When the user opens the balance page, the trojan shows him a modified page on which the large amount really does appear. The user is offered the chance to make the transfer immediately and is shown an already filled-in transfer form.
Because the user performs the transfer himself, standard fraud protection tools do not work here.
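One server-side check that still sees this scheme, shown as an added example (not code from the article or from the trojan): the credit exists only in the altered page, so the bank's own ledger holds no booking that the "refund" could be returning. The `Tx` record, the account names and the thresholds are assumptions, and the sample data is constructed.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

@dataclass(frozen=True)
class Tx:
    ts: datetime
    account: str       # customer account on the bank's own ledger
    counterparty: str  # other party of the booking
    cents: int         # > 0 booked credit, < 0 debit / outgoing transfer

def unbacked_refund(ledger, pending, window=timedelta(days=14), min_cents=100_000):
    """Return a reason if `pending` sends a large sum to a payee that was never
    paid before and never sent a booked credit the transfer could be returning;
    otherwise None. Window and minimum amount are assumed thresholds."""
    out = -pending.cents
    if out < min_cents:
        return None  # incoming or small: outside this rule
    history = [t for t in ledger
               if t.account == pending.account and t.ts <= pending.ts
               and t.counterparty == pending.counterparty]
    if any(t.cents < 0 for t in history):
        return None  # established payee
    if any(t.cents >= out and pending.ts - t.ts <= window for t in history):
        return None  # a real, recent credit from this party covers the amount
    return (f"{pending.account}: {out / 100:.2f} to first-time payee "
            f"{pending.counterparty} with no booked credit from that party")

# Constructed sample data (not from the article).
def day(n):
    return datetime(2024, 1, 1) + timedelta(days=n)

LEDGER = [
    Tx(day(1), "CUST-1", "EMPLOYER", 250_000),
    Tx(day(3), "CUST-1", "LANDLORD", -80_000),
    Tx(day(10), "CUST-1", "SHOP-X", 120_000),       # genuine credit on the ledger
]
PENDING = [
    Tx(day(11), "CUST-1", "SHOP-X", -120_000),      # refund backed by the ledger
    Tx(day(12), "CUST-1", "LANDLORD", -200_000),    # established payee
    Tx(day(12), "CUST-1", "PAYEE-NEW", -600_000),   # "refund" of a credit seen only in the browser
]

def review(ledger=LEDGER, pending=PENDING):
    """Reasons for every pending transfer the rule would hold for review."""
    return [r for r in (unbacked_refund(ledger, p) for p in pending) if r]

if __name__ == "__main__":
    print("\n".join(review()))
```

The rule is a heuristic for holding a transfer for out-of-band confirmation, not a verdict; a first large payment to a new payee can be legitimate.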
According to Brian Krebs, the German Trojan is representative of a wave of programs that manipulate browser content. He says that such tactics were first used by the URL Zone Trojan in August 2009.
For example, here is a URL Zone Trojan code fragment that calculates the maximum amount to transfer.

Over the 22 days the URL Zone Trojan was active, the authors of the program (probably Ukrainians) managed to appropriate approximately $438K at the exchange rate. Interestingly, that attack was also aimed at German users.
UPD. As knowledgeable people pointed out in the comments on this topic, such technologies have existed for more than four years. In fact, the Trojan described in Brian Krebs's article and by the German criminal police is nothing more than a web-injecting system of the kind that has been implemented in Zeus, for one, from the very beginning of its existence. In certain circles the technology is called “avtozaliv”. There are active and passive avtozalivs. In Germany, almost all banks have recently switched to chipTAN (two variants) and mTAN (SMS), so the usual active or passive avtozalivs stopped producing results for fraudsters; as a result, the hybrid “active-passive” avtozalivs referred to in the article were created.
It is strange that the so-called criminal police, on seeing such a scheme, decided without hesitation to call an ordinary JS injection a “new Trojan”.