Sophisticated Trojan Steals Euro 300K from German Banks
Reported by d1m on Saturday, October 3 2009 5:05 pm
A group of researchers at Finjan has exposed a cyber-gang that created an ultra-sneaky banking Trojan, which looted about €300,000 (equivalent of SGD$619,860) from German bank accounts over a 22-day period.
Dubbed URLZone, the Trojan was similar to a digital “lock pick” for a cyber-gang which Finjan had been tracking from Aug. 11 to Sept. 1. According to Finjan, the cyber-criminals booby-trap websites (both legitimate and fake) using the LuckySploit toolkit. When unsuspecting users open the malicious PDF files or JavaScript, the Trojan infects their computers.
Unlike typical Trojans, which normally only steal passwords and information from users, URLZone was more advanced. The malware is capable of tricking victims into revealing their banking credentials by inserting text boxes into online banking applications. Login credentials and screenshots of activity on the compromised bank accounts are then forwarded to a “command and control” server in Ukraine, which returns instructions on how much to steal and which "mule" accounts to wire the money to. URLZone also reportedly changes the users’ onscreen bank account statements in real time to cover its tracks and avoid suspicion.
So folks, do be careful before carrying out any e-commerce or banking activities on the web. It is always good practice to update both your spyware and anti-virus definitions weekly and, most importantly of all, to avoid opening suspicious files (e.g. PDF files) and surfing dodgy websites. You have been warned!
“As reported previously by Finjan, cybercriminals continue to follow the money, with bank accounts steadily remaining a favorite among their targets. To avoid detection, cybercriminals continue to improve their methodologies for stealing money and going under the radar from the victims and banks alike. With the combination of using sophisticated Trojans for the theft and money mules to transfer stolen money to their accounts, they minimize their chances of being detected,” said Yuval Ben-Itzhak, CTO of Finjan. “In this case, the specific criteria that the Trojan received from its Command & Control center mark a whole new level of cybercrime sophistication in the techniques used by cybercriminals. Using these methods they successfully evade anti-fraud systems that banks deploy – we dubbed it the Anti anti-fraud.”
News via [Finjan]