Pages

Friday, October 7, 2011

#SpyEye banking #trojan: now with #SMS hijacking capability

http://www.trusteer.com/sites/default/files/spyeye_fraudulent_page.png

Credit: Trusteer
The SpyEye banking trojan has acquired the ability to reroute one-time passwords sent to victims' cellphones, a measure that bypasses protections more and more financial institutions are adopting.
According to a blog post published Wednesday by a researcher from security firm Trusteer, SpyEye was recently observed trying to trick victims into reassigning the cellphone number they use to receive
one-time passwords from their banks by SMS, or short message service. The social-engineering ploy is contained in fraudulent pages injected into their online banking sessions that falsely claim they have been assigned a unique telephone number dedicated for that purpose and a special SIM card will be received in the mail shortly.
“Now the fraudsters can receive all future SMS transaction verification codes for the hijacked account via their own telephone network,” Trusteer researcher Amit Klein wrote. “This allows them to use the SMS confirmation system to divert funds from the customer's account without their knowledge, while not triggering any fraud detection alarms.”

Source : Here

No comments:

Post a Comment