Over $47 Million Stolen Using Infected PCs And Phones

Malware Zeus Over $47 Million Stolen Using Infected PCs And Phones

Europe is being hit hard by a new version of the famous Zeus trojan as over 30,000 users have found their PCs and smartphones infected and being used to steal their money.

There's a new version of the famous Zeus trojan out in the wild in Europe and as to be expected it is causing all kinds of havoc and is believed to be behind the attacks against some 30,000 electronic banking customers.

The new version of the malware; and the botnet behind it, has been dubbed "Eurograbber" by security experts at Check Point Software and Versafe. The trojan was first detected in Italy earlier this year and has since spread throughout Europe.

Researchers believe that Eurograbber is responsible for over $47 million in fraudulent transfers from victim bank accounts in amounts that range from 500 Euros; $650 USD, to as much as 25,000 Euros; $32,000 USD.

The attack vector requires the victim to click on a malicious link; typical part of a phishing attack, which then will take them to a site that will attempt to download one or more trojans that will then install themselves on the computer or phone. The two trojans involved in this latest attack appear to be customized versions of Zeus as well as its SpyEye and CarBerp variants. These then will record the user's web visits and then inject HTML and JavaScript into the victim's browser.

Then the next time the victim visits their banking site the trojan will snag their credentials and use JavaScript injection to launch a request that the user install a security upgrade from the banking site. The JavaScript completes the first part of the attack when it captures the user's phone number and mobile operating system, which is then used to send a text message to the user's phone requesting that they go to the attached link to download and install some "encryption11 software".

What they actually end up with though is Zeus in the mobile (ZITMO) which is a trojans specifically made for the Android and Blackberry phones. With both systems compromised, the installed malware waits patiently for the victim to access their bank account at which point it will automatically transfer a percentage of the account balance to the criminal's accounts.

It doesn't just stop there though, as the malware will intercept the confirmation text message sent by the bank and forward it on to the trojan's command and control server.  At this point the trojan will use the message to confirm the transaction and withdraw the money. This process happens every time the victim accesses their bank account online and they are none the wiser.

via Ars Technica

VR-Zone is a leading online technology news publication reporting on bleeding edge trends in PC and mobile gadgets, with in-depth reviews and commentaries.