23 March 2017
visit nextgenbanking.co.uk

State-sponsored banking virus found in Middle East

10 August 2012  |  6305 views  |  3 purple swirls

A state-sponsored computer virus that spies on online banking transactions has been discovered in the Middle East by computer security outfit Kaspersky Lab.

The virus, dubbed Gauss, is stealing access credentials for various online banking systems and payment methods, as wells as browser history, cookies, passwords, and system configurations, from infected PCs, says Kaspersky.

Since May, the security firm has identified around 2500 infected machines, mostly in Lebanon. It has targeted customers of Bank of Beirut, EBLF, BlomBank, ByblosBank, FransaBank and Credit Libanais, as well as Citibank and PayPal users.

Gauss is the latest state-sponsored cyber-threat found in the region and was discovered because of its similarity to Flame, the data-mining computer virus that was found to be spying on computers in Iran earlier this year but it is the thought to be the first targeting banking credentials.

It could also be connected to Stuxnet, the virus that famously hit Iran's uranium enrichment programme in 2010 and is widely suspected to be the work of Israel and the US.

Alexander Gostev, chief security expert, Kaspersky Lab, says: "Similar to Flame and Duqu, Gauss is a complex cyber-espionage toolkit, with its design emphasising stealth and secrecy; however, its purpose was different to Flame or Duqu. Gauss targets multiple users in select countries to steal large amounts of data, with a specific focus on banking and financial information."

Comments: (3)

Chander Singh
Chander Singh - BBG Banking Operations IT Consultants - London | 10 August, 2012, 11:51

State sponsored spying is not new. It has been practised time and memorial. But in the banking world, the regulator is a watch dog from distance with rights to do operational audit and do a fact finding post mortem. However, I see two key issues arising from this report -

1. The regulatory mechanism of transaction monitoring and reporting system should ensure that particular types of transactions as per pre-defined parameters are reported to the regulator as per the frequency post or during on-line transaction. Not sure if that mechanism is in place.

2. Why the state regulators decide to implant a virus in a surreptitious manner, while they have the authority to ask banks to instal a legitimate application provided by the regulator properly integrated with the online or other transaction processing systems of the banks. Why regulators did not think of that.

Regulators have to come out openly with more innovative ideas of control and monitoring in light of changed society, and more importantly regulators themselves have to equip better with the changing times, rather than using sneaky ways of monitoring and control.

Be the first to give this comment the thumbs up 0 thumb ups! (Log in to thumb up)
A Finextra member
A Finextra member | 13 August, 2012, 07:40

It depends on from which country the spying government agency comes - if it is a foreign government department, it is spying. If it is the domestic government banking supervision authority it can at best be considered as unusual supervision. In most countries the FSA activity is regulated on procedure rules and would not allow the FSA to plant spyware into bank computers or bank customer PC:s. So the 1000 dollar question is - from which government did this spyware come? The security lab should have a good opinion.

Be the first to give this comment the thumbs up 0 thumb ups! (Log in to thumb up)
Gerhard Schwartz
Gerhard Schwartz - Hewlett-Packard - | 13 August, 2012, 11:12

Not sure whether the headline "State-sponsored banking virus found in the Middle East" is appropriate. It is widely agreed that the original Stuxnet malware was probably built by some state-sponsored agency or agencies - but Stuxnet is in the wild now since quite some time. Skilled criminals can find access to that code, and are apparently now trying to leverage parts of that malware for their own purposes.  

Be the first to give this comment the thumbs up 0 thumb ups! (Log in to thumb up)
Comment on this story (membership required)

Finextra news in your inbox

For Finextra's free daily newsletter, breaking news flashes and weekly jobs board: sign up now

Related stories

EC plans cybercrime centre to fight online crooks

EC plans cybercrime centre to fight online crooks

29 March 2012  |  6854 views  |  1 comments
Russian security services bust notorious malware ring

Russian security services bust notorious malware ring

21 March 2012  |  6264 views  |  0 comments
Israeli hackers take down Arab bank sites

Israeli hackers take down Arab bank sites

20 January 2012  |  7796 views  |  0 comments
Zeus makes move to investment fraud

Zeus makes move to investment fraud

27 April 2011  |  7232 views  |  0 comments
US moves to take out massive botnet

US moves to take out massive botnet

14 April 2011  |  6765 views  |  0 comments
Scientist claims to have become infected with a computer virus

Scientist claims to have become infected with a computer virus

26 May 2010  |  13848 views  |  2 comments
Visit capgemini.comvisit abe-eba.euParticipate in the survey

Who is commenting?

Top topics

Most viewed Most shared
Bank of England sets up fintech Community; runs blockchain and AI trialsBank of England sets up fintech Community;...
16482 views comments | 33 tweets | 26 linkedin
hands typing furiouslyMachine Learning: Lessons for Banks From S...
10189 views 0 | 12 tweets | 9 linkedin
Can banks really win in the payments business of the future? – new Finextra reportCan banks really win in the payments busin...
7721 views comments | 23 tweets | 36 linkedin
satellite26 Japanese banks register for Exchange-ru...
7534 views comments | 2 tweets | 1 linkedin
SecureKey taps IBM to put identity on the blockchainSecureKey taps IBM to put identity on the...
6301 views comments | 22 tweets | 15 linkedin

Featured job

Six Figure Base + Commission + Stock Options
London

Find your next job