Sunday, February 10, 2013

Trusteer discovered a new model of financial Trojans


New malware methods resemble traditional phishing techniques


Authors of malware that targets financial institutions are trying to hide it from detection. In particular, malware writers have returned to more traditional phishing methods to steal users' banking data. Experts from Trusteer reported this on the company blog.

Most financial Trojans are now able to intervene in a victim's online banking session in real time. This enables them to carry out fraudulent transactions in the background and hide them from the user by altering the account balance and transaction history displayed in the browser.

Therefore, banks have started to implement monitoring systems that track the activity of their online customers and detect anomalous behavior that points to a malicious program. This forces the Trojans' authors to change their techniques.


Thus, Trusteer specialists found changes in Trojans such as Tinba and Tilon, which now replace the institution's legitimate site with a fake one.

"When a client attempts to visit the bank's website, the malware gives him an absolutely fake page, the design of which is no different from the first. After the user enters their credentials, the Trojan gives him an error message, which means that the banking service is not available. At this time the scammer sends the credentials and uses another computer to log on and conduct illegal transactions," said the expert.

If a bank uses multi-factor authentication that asks for one-time passwords, the malicious program requests this information on another fake page.

This tactic is very similar to traditional phishing, but it is more difficult to detect because the URL in the browser address bar points to the real website, not a fake one.

According to Trusteer, the new version of Tinba is already being used by hackers in attacks on major financial institutions and consumer web services.

Details of the Trusteer report can be found here
