08 December 2016

State-sponsored banking virus found in Middle East

10 August 2012

A state-sponsored computer virus that spies on online banking transactions has been discovered in the Middle East by computer security outfit Kaspersky Lab.

The virus, dubbed Gauss, is stealing access credentials for various online banking systems and payment methods, as well as browser history, cookies, passwords, and system configurations, from infected PCs, says Kaspersky.

Since May, the security firm has identified around 2500 infected machines, mostly in Lebanon. Gauss has targeted customers of Bank of Beirut, EBLF, BlomBank, ByblosBank, FransaBank and Credit Libanais, as well as Citibank and PayPal users.

Gauss is the latest state-sponsored cyber-threat found in the region and was discovered because of its similarity to Flame, the data-mining computer virus that was found to be spying on computers in Iran earlier this year. However, it is thought to be the first to target banking credentials.

It could also be connected to Stuxnet, the virus that famously hit Iran's uranium enrichment programme in 2010 and is widely suspected to be the work of Israel and the US.

Alexander Gostev, chief security expert, Kaspersky Lab, says: "Similar to Flame and Duqu, Gauss is a complex cyber-espionage toolkit, with its design emphasising stealth and secrecy; however, its purpose was different to Flame or Duqu. Gauss targets multiple users in select countries to steal large amounts of data, with a specific focus on banking and financial information."

Comments: (3)

Chander Singh - BBG Banking Operations IT Consultants - London | 10 August, 2012, 11:51

State-sponsored spying is not new. It has been practised since time immemorial. But in the banking world, the regulator is a watchdog from a distance with rights to do operational audit and do a fact-finding post mortem. However, I see two key issues arising from this report -

1. The regulatory mechanism of transaction monitoring and reporting system should ensure that particular types of transactions as per pre-defined parameters are reported to the regulator as per the frequency post or during on-line transaction. Not sure if that mechanism is in place.

2. Why the state regulators decide to implant a virus in a surreptitious manner, while they have the authority to ask banks to instal a legitimate application provided by the regulator properly integrated with the online or other transaction processing systems of the banks. Why regulators did not think of that.

Regulators have to come out openly with more innovative ideas of control and monitoring in light of changed society, and more importantly regulators themselves have to equip better with the changing times, rather than using sneaky ways of monitoring and control.

A Finextra member | 13 August, 2012, 07:40

It depends on from which country the spying government agency comes - if it is a foreign government department, it is spying. If it is the domestic government banking supervision authority it can at best be considered as unusual supervision. In most countries the FSA activity is regulated on procedure rules and would not allow the FSA to plant spyware into bank computers or bank customer PCs. So the 1000 dollar question is - from which government did this spyware come? The security lab should have a good opinion.

Gerhard Schwartz - Hewlett-Packard - | 13 August, 2012, 11:12

Not sure whether the headline "State-sponsored banking virus found in the Middle East" is appropriate. It is widely agreed that the original Stuxnet malware was probably built by some state-sponsored agency or agencies - but Stuxnet has been in the wild for quite some time now. Skilled criminals can find access to that code, and are apparently now trying to leverage parts of that malware for their own purposes.
