22 October 2017
visit www.atos.net

Zeus man-in-the-mobile attack targets Polish ING customers

22 February 2011  |  12804 views  |  2 Fingers on smartphone keypad

A version of the infamous Zeus Trojan is taking aim at the mobile phone-based two-factor authentication system used by ING's Polish unit.

The malware targeting ING Bank Slaski was spotted by local security consultant and blogger, Piotr Konieczny, and picked up by F-Secure.

The security firm says the variant, Zeus Mitmo, appears to be the same type of man-in-the-mobile attack discovered by Spain's S21sec last year.

It is designed to steal one-time passwords sent over SMS, known as mTANs by injecting a "security notification" into the Web banking process on infected computers, attempting to lure the user into providing their phone number.

If a phone number is obtained, the user will receive an SMS link pointing to the mobile component, ZeusMitmo.A. If this is clicked on, crooks can intercept the SMS mTANs, enabling them to carry out transactions on the victim's account.

Separately, a new form of financial malware with the ability to hijack customers' online banking sessions in real time using their session ID tokens, has been identified by Trusteer.

Dubbed OddJob, the malware is being used by criminals based in Eastern Europe to attack the customers of unnamed banks in the USA, Poland and Denmark, claims the security firm.

OddJob enables fraudsters to carry out their crime without logging into the online banking computers - they simply ride on the existing and authenticated session. The Trojan can also bypass the logout request of a user to terminate their online session. Because the interception and termination is carried out in the background, the legitimate user thinks they have logged out, when in fact the fraudsters remain connected.

Trusteer says it has been monitoring OddJob for a few months, but has not been able to report on its activities until now due to ongoing investigations by law enforcement agencies.

Comments: (2)

A Finextra member
A Finextra member | 23 February, 2011, 08:50

Speaking as a developer of advanced mobile software, it seems to me that the creators of the trojans and other malware are performing a valuable service in constantly pushing developers on the 'light side' to create more and more secure programs and connections.

The main problem, though, is the price of this approach and solution, if one takes the stolen money as part of the cost. The answer is for the developer to out-think the 'dark side', but as we can see, that side can command some talented programmers.

As in life, its time to organise and make sure we don't get caught twice by the same virus.

Be the first to give this comment the thumbs up 0 thumb ups! (Log in to thumb up)
A Finextra member
A Finextra member | 25 February, 2011, 14:00

This 'man in the mobile' attack is an early sign of where we see Trojans and malware evolving. For a long time, people have thought of mobiles as a safe platform. But there is no such thing as a safe platform. Mobile phones are not only phones any more, but are increasingly used for mobile banking, business access etc., which makes them a worth while target for cyber criminals. Businesses and consumers alike must think about how to adequately protect their sensitive data on all platforms, for example by using secure authentication. Static PINs and passwords have no place in applications like online or mobile banking - at least if a one-time passcode is used it is of no value to the person who has stolen it.

Be the first to give this comment the thumbs up 0 thumb ups! (Log in to thumb up)
Comment on this story (membership required)

Finextra news in your inbox

For Finextra's free daily newsletter, breaking news flashes and weekly jobs board: sign up now

Related stories

Moldova arrests bank staff in connection with Zeus gang

Moldova arrests bank staff in connection with Zeus gang

09 November 2010  |  8856 views  |  0 comments
E-crime gang dumps phishing for Zeus - APWG

E-crime gang dumps phishing for Zeus - APWG

21 October 2010  |  11136 views  |  2 comments
Ukraine arrests key players in $70m Zeus fraud

Ukraine arrests key players in $70m Zeus fraud

04 October 2010  |  8131 views  |  0 comments
Zeus Trojan opens backdoor crack to two-factor SMS authentication

Zeus Trojan opens backdoor crack to two-factor SMS authentication

27 September 2010  |  13579 views  |  0 comments
Zeus Trojan gets makeover to beat Firefox

Zeus Trojan gets makeover to beat Firefox

21 April 2010  |  13193 views  |  0 comments

Related company news

 

Related blogs

Create a blog about this story (membership required)
visit www.niceactimize.com Register now

Top topics

Most viewed Most shared
HSBC partners Bud for open banking trialHSBC partners Bud for open banking trial
10719 views comments | 22 tweets | 26 linkedin
Mastercard to roll out blockchain APIMastercard to roll out blockchain API
10402 views comments | 17 tweets | 24 linkedin
satelliteGates Foundation backs Ripple collaboratio...
9122 views comments | 13 tweets | 10 linkedin
IBM uses blockchain to improve cross-border payments processingIBM uses blockchain to improve cross-borde...
8182 views comments | 9 tweets | 17 linkedin
Sibos 2017: API or the highwaySibos 2017: API or the highway
8028 views comments | 10 tweets | 22 linkedin

Featured job

Competitive base + commission + benefits
Denmark, Finland, Iceland, Norway or Sweden

Find your next job