30 April 2017

Zeus Trojan opens backdoor crack to two-factor SMS authentication

27 September 2010  |  13409 views  |  0 mobile

Security researchers are warning of a new threat to bank SMS two-factor authentication systems that combines social engineering and a variant of the Zeus Trojan to hijack user mobile phones during the online banking session.

The attack is described in a blog post by David Barroso of e-crime outfit S21sec. The post hypothesises a scenario in which a user on an infected PC is redirected to a bogus site and asked for their mobile phone number, make and model alongside the usual banking credentials. The user is then sent an SMS message with a link to download a malicious application under the guise of installing a new security certificate.

The application that the user installs will monitor all incoming SMS messages and open a backdoor to receive commands via SMS. Barroso demonstrates how this can be achieved with a Symbian S60 application named 'Nokia update'.

The attacker now has all the user credentials necessary to loot a two-factor protected bank account, notes Barroso:
  • The attacker logs in with the stolen credentials using the user's computer as a socks/proxy and performs a specific operation that needs SMS authentication.
  • An SMS is sent to the user's mobile device with the authentication code. The malicious software running on the device forwards the SMS to another terminal controlled by the attacker.
  • The attacker fills in the authentication code and completes the operation.

"We are working with mobile carriers to help them to detect infected devices," says Barroso. "Mobile carriers are the key actors in this incident, just because they are the only ones that can detect which devices are infected and block all the connections to/from the mobile C&C."
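
The article does not say how carriers detect infected devices. As an added example (not from S21sec or this article), the sketch below shows one heuristic that follows from the forwarding behaviour described above: flag a handset when nearly every inbound SMS is followed within seconds by an outbound SMS to one number that is not the original sender. The record layout, thresholds and all names are assumptions, and the sample events are constructed.

```python
from collections import defaultdict

# Constructed sample records, not real traffic:
# (epoch seconds, device id, direction, peer number)
EVENTS = [
    (1000, "dev-A", "in", "BANK-1"),   (1002, "dev-A", "out", "PEER-X"),
    (2000, "dev-A", "in", "FRIEND-1"), (2001, "dev-A", "out", "PEER-X"),
    (3000, "dev-A", "in", "BANK-1"),   (3004, "dev-A", "out", "PEER-X"),
    # dev-B is an ordinary conversation: every outbound SMS is a reply.
    (1000, "dev-B", "in", "FRIEND-2"), (1010, "dev-B", "out", "FRIEND-2"),
    (1100, "dev-B", "in", "FRIEND-2"), (1120, "dev-B", "out", "FRIEND-2"),
    (1200, "dev-B", "in", "FRIEND-2"), (1215, "dev-B", "out", "FRIEND-2"),
    # dev-C has too few inbound messages to judge.
    (1000, "dev-C", "in", "BANK-1"),   (1005, "dev-C", "out", "PEER-Y"),
]

def forwarding_suspects(events, window=30, min_inbound=3, min_ratio=0.8):
    """Return {device: (destination, ratio)} for devices whose inbound SMS
    are consistently followed by an outbound SMS to one third-party number."""
    by_device = defaultdict(list)
    for ts, dev, direction, peer in sorted(events):
        by_device[dev].append((ts, direction, peer))

    suspects = {}
    for dev, evs in by_device.items():
        inbound = [(ts, peer) for ts, d, peer in evs if d == "in"]
        outbound = [(ts, peer) for ts, d, peer in evs if d == "out"]
        if len(inbound) < min_inbound:
            continue  # not enough evidence either way
        hits = defaultdict(int)
        for t_in, sender in inbound:
            # Destinations contacted right after this inbound SMS, excluding
            # replies to the sender; each counts once per inbound message.
            dests = {p for t_out, p in outbound
                     if 0 <= t_out - t_in <= window and p != sender}
            for p in dests:
                hits[p] += 1
        if not hits:
            continue
        dest, count = max(hits.items(), key=lambda kv: kv[1])
        ratio = count / len(inbound)
        if ratio >= min_ratio:
            suspects[dev] = (dest, ratio)
    return suspects

if __name__ == "__main__":
    print(forwarding_suspects(EVENTS))
```

Excluding replies to the sender keeps a fast two-way conversation from being flagged; a flagged device is a lead for investigation, not proof of infection.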
