Researchers at a US online security company have uncovered information on a ‘next-generation’ banking Trojan that steals money from victim’s accounts while they are logged in.
Over 22 days in August, the Trojan’s operators stole nearly US$438,000 from several hundred accounts with unnamed German banks.
The Trojan is able to calculate on-the-fly how much money is available in an account and how much of the balance to steal. It calculates a maximum and minimum theft that will not trigger antifraud systems and decides on a percentage of the cash to leave in the account.
It then displays a fake balance to bankers logged into their accounts.
“The Trojan is sending requests to the bank and getting replies that your browser doesn’t display,” security company Finjin’s Yuval Ben-Itzhak told Cnet.com. “You are looking at your account and you don’t see any of it.”
About 6,400 of 90,000 computers that visited sites housing the malware were infected.
Smart Company is the leading online publication in Australia for free news, information and resources catering to Australia’s entrepreneurs, small and medium business owners and business managers.
Comments