Experts at security firm Symantec are warning of a new trojan program that circumvents two-factor authentication systems and intercepts account information before it is encrypted.
In a company blog Symantec researcher Liam O'Murchu warns that Trojan.Silentbanker targets over 400 banks across the world and is able to perform man-in-the-middle attacks on valid transactions.
The Trojan can also intercept transactions that require two factor authentication. It can then change the user-entered bank account details to the attacker's account details instead.
"The Trojan ensures that the user does not notice this change by presenting the user with the details they expect to see, while all the time sending the bank the attacker's details instead," says O'Murchu in his blog. "Since the user doesn't notice anything wrong with the transaction, they will enter the second authentication password, in effect handing over their money to the attackers."
The program intercepts all of this traffic before it is encrypted, says Symantec, so even if the transaction takes place over SSL the attack is still valid.
Furthermore, when instructed, the Trojan can redirect users to an attacker-controlled server instead of the real bank in order to perform a man-in-the-middle attack. O'Murchu says currently there is one bank targeted this way, which isn't named.