29 August 2015

Zeus Trojan opens backdoor crack to two-factor SMS authentication

27 September 2010

Security researchers are warning of a new threat to bank SMS two-factor authentication systems that combines social engineering and a variant of the Zeus Trojan to hijack user mobile phones during the online banking session.

The attack is described in a blog post by David Barroso of e-crime outfit S21sec. The post hypothesises a scenario in which an infected user PC is redirected to a bogus site and the user is asked for their mobile phone number, make and model alongside the usual banking credentials. The user is then sent an SMS message with a link to download a malicious application under the guise of installing a new security certificate.

Once installed, the application monitors all incoming SMS messages and opens a backdoor to receive commands via SMS. Barroso demonstrates how this can be achieved with a Symbian S60 application named 'Nokia update'.

The attacker now has all the user credentials necessary to loot a two-factor protected bank account, notes Barroso:
  • The attacker logs in with the stolen credentials using the user's computer as a socks/proxy and performs a specific operation that needs SMS authentication.
  • An SMS is sent to the user's mobile device with the authentication code. The malicious software running in the device forwards the SMS to another terminal controlled by the attacker.
  • The attacker fills in the authentication code and completes the operation.

"We are working with mobile carriers to help them to detect infected devices," says Barroso. "Mobile carriers are the key actors in this incident, just because they are the only ones that can detect which devices are infected and block all the connections to/from the mobile C&C."
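The forwarding step in the list above leaves a pattern in carrier-side SMS metadata: an outbound message to the same number shortly after each inbound bank code. The following is an added example, not code from S21sec or from this article, and the record layout, the "BANK" sender ID, the phone numbers and the thresholds are all assumptions made for illustration.

```python
from collections import defaultdict

# Constructed sample metadata: (epoch_seconds, device, direction, peer).
# "in" = delivered to the device, "out" = sent by it. No message bodies are used.
RECORDS = [
    (1000, "dev-A", "in",  "BANK"),
    (1003, "dev-A", "out", "+000000001"),
    (5000, "dev-A", "in",  "BANK"),
    (5002, "dev-A", "out", "+000000001"),
    (9000, "dev-A", "in",  "BANK"),
    (9004, "dev-A", "out", "+000000001"),
    (1200, "dev-B", "in",  "BANK"),
    (1900, "dev-B", "out", "+000000002"),  # ordinary SMS long after the code
    (2000, "dev-C", "in",  "BANK"),
    (2002, "dev-C", "out", "+000000003"),  # one-off coincidence
]


def suspected_forwarders(records, bank_senders, window=10, min_hits=2):
    """Return sorted (device, destination) pairs where the first outbound SMS
    after an inbound bank SMS went to the same destination within `window`
    seconds on at least `min_hits` separate occasions."""
    hits = defaultdict(int)
    pending = {}  # device -> timestamp of the latest unmatched bank SMS
    for ts, device, direction, peer in sorted(records):
        if direction == "in" and peer in bank_senders:
            pending[device] = ts
        elif direction == "out" and device in pending:
            if ts - pending[device] <= window:
                hits[(device, peer)] += 1
            # Only the first outbound SMS after each code is considered.
            del pending[device]
    return sorted(pair for pair, count in hits.items() if count >= min_hits)


if __name__ == "__main__":
    for device, dest in suspected_forwarders(RECORDS, {"BANK"}):
        print(f"{device}: repeated forward-after-code pattern to {dest}")
```

Requiring repeated hits to one destination keeps a single quick reply after a bank message from flagging a device.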
