17 August 2017
visit www.avoka.com

Zeus man-in-the-mobile attack targets Polish ING customers

22 February 2011  |  12743 views  |  2 Fingers on smartphone keypad

A version of the infamous Zeus Trojan is taking aim at the mobile phone-based two-factor authentication system used by ING's Polish unit.

The malware targeting ING Bank Slaski was spotted by local security consultant and blogger, Piotr Konieczny, and picked up by F-Secure.

The security firm says the variant, Zeus Mitmo, appears to be the same type of man-in-the-mobile attack discovered by Spain's S21sec last year.

It is designed to steal one-time passwords sent over SMS, known as mTANs by injecting a "security notification" into the Web banking process on infected computers, attempting to lure the user into providing their phone number.

If a phone number is obtained, the user will receive an SMS link pointing to the mobile component, ZeusMitmo.A. If this is clicked on, crooks can intercept the SMS mTANs, enabling them to carry out transactions on the victim's account.

Separately, a new form of financial malware with the ability to hijack customers' online banking sessions in real time using their session ID tokens, has been identified by Trusteer.

Dubbed OddJob, the malware is being used by criminals based in Eastern Europe to attack the customers of unnamed banks in the USA, Poland and Denmark, claims the security firm.

OddJob enables fraudsters to carry out their crime without logging into the online banking computers - they simply ride on the existing and authenticated session. The Trojan can also bypass the logout request of a user to terminate their online session. Because the interception and termination is carried out in the background, the legitimate user thinks they have logged out, when in fact the fraudsters remain connected.

Trusteer says it has been monitoring OddJob for a few months, but has not been able to report on its activities until now due to ongoing investigations by law enforcement agencies.

Comments: (2)

A Finextra member
A Finextra member | 23 February, 2011, 08:50

Speaking as a developer of advanced mobile software, it seems to me that the creators of the trojans and other malware are performing a valuable service in constantly pushing developers on the 'light side' to create more and more secure programs and connections.

The main problem, though, is the price of this approach and solution, if one takes the stolen money as part of the cost. The answer is for the developer to out-think the 'dark side', but as we can see, that side can command some talented programmers.

As in life, its time to organise and make sure we don't get caught twice by the same virus.

Be the first to give this comment the thumbs up 0 thumb ups! (Log in to thumb up)
A Finextra member
A Finextra member | 25 February, 2011, 14:00

This 'man in the mobile' attack is an early sign of where we see Trojans and malware evolving. For a long time, people have thought of mobiles as a safe platform. But there is no such thing as a safe platform. Mobile phones are not only phones any more, but are increasingly used for mobile banking, business access etc., which makes them a worth while target for cyber criminals. Businesses and consumers alike must think about how to adequately protect their sensitive data on all platforms, for example by using secure authentication. Static PINs and passwords have no place in applications like online or mobile banking - at least if a one-time passcode is used it is of no value to the person who has stolen it.

Be the first to give this comment the thumbs up 0 thumb ups! (Log in to thumb up)
Comment on this story (membership required)

Finextra news in your inbox

For Finextra's free daily newsletter, breaking news flashes and weekly jobs board: sign up now

Related stories

Moldova arrests bank staff in connection with Zeus gang

Moldova arrests bank staff in connection with Zeus gang

09 November 2010  |  8808 views  |  0 comments
E-crime gang dumps phishing for Zeus - APWG

E-crime gang dumps phishing for Zeus - APWG

21 October 2010  |  11062 views  |  2 comments
Ukraine arrests key players in $70m Zeus fraud

Ukraine arrests key players in $70m Zeus fraud

04 October 2010  |  8069 views  |  0 comments
Zeus Trojan opens backdoor crack to two-factor SMS authentication

Zeus Trojan opens backdoor crack to two-factor SMS authentication

27 September 2010  |  13513 views  |  0 comments
Zeus Trojan gets makeover to beat Firefox

Zeus Trojan gets makeover to beat Firefox

21 April 2010  |  13126 views  |  0 comments

Related company news

 

Related blogs

Create a blog about this story (membership required)
visit www.niceactimize.comvisit www.worldpaymentsreport.comdownload the paper now

Who is commenting?

Top topics

Most viewed Most shared
Coinbase raises $100mCoinbase raises $100m
10508 views comments | 14 tweets | 14 linkedin
DBS Bank launches online car selling marketplaceDBS Bank launches online car selling marke...
9910 views comments | 13 tweets | 11 linkedin
China preps central clearing house for mobile payments providersChina preps central clearing house for mob...
9865 views comments | 8 tweets | 15 linkedin
Monzo appoints Curve co-founder Foster-Carter COOMonzo appoints Curve co-founder Foster-Car...
8226 views comments | 1 tweets | 3 linkedin
hands typing furiouslyCompliance: Overcome the data deficit
7691 views 0 | 1 tweets | 8 linkedin

Featured job

Find your next job