17 December 2017
visit www.avoka.com

Zeus man-in-the-mobile attack targets Polish ING customers

22 February 2011  |  12838 views  |  2 Fingers on smartphone keypad

A version of the infamous Zeus Trojan is taking aim at the mobile phone-based two-factor authentication system used by ING's Polish unit.

The malware targeting ING Bank Slaski was spotted by local security consultant and blogger, Piotr Konieczny, and picked up by F-Secure.

The security firm says the variant, Zeus Mitmo, appears to be the same type of man-in-the-mobile attack discovered by Spain's S21sec last year.

It is designed to steal one-time passwords sent over SMS, known as mTANs by injecting a "security notification" into the Web banking process on infected computers, attempting to lure the user into providing their phone number.

If a phone number is obtained, the user will receive an SMS link pointing to the mobile component, ZeusMitmo.A. If this is clicked on, crooks can intercept the SMS mTANs, enabling them to carry out transactions on the victim's account.

Separately, a new form of financial malware with the ability to hijack customers' online banking sessions in real time using their session ID tokens, has been identified by Trusteer.

Dubbed OddJob, the malware is being used by criminals based in Eastern Europe to attack the customers of unnamed banks in the USA, Poland and Denmark, claims the security firm.

OddJob enables fraudsters to carry out their crime without logging into the online banking computers - they simply ride on the existing and authenticated session. The Trojan can also bypass the logout request of a user to terminate their online session. Because the interception and termination is carried out in the background, the legitimate user thinks they have logged out, when in fact the fraudsters remain connected.

Trusteer says it has been monitoring OddJob for a few months, but has not been able to report on its activities until now due to ongoing investigations by law enforcement agencies.

Comments: (2)

A Finextra member
A Finextra member | 23 February, 2011, 08:50

Speaking as a developer of advanced mobile software, it seems to me that the creators of the trojans and other malware are performing a valuable service in constantly pushing developers on the 'light side' to create more and more secure programs and connections.

The main problem, though, is the price of this approach and solution, if one takes the stolen money as part of the cost. The answer is for the developer to out-think the 'dark side', but as we can see, that side can command some talented programmers.

As in life, its time to organise and make sure we don't get caught twice by the same virus.

Be the first to give this comment the thumbs up 0 thumb ups! (Log in to thumb up)
A Finextra member
A Finextra member | 25 February, 2011, 14:00

This 'man in the mobile' attack is an early sign of where we see Trojans and malware evolving. For a long time, people have thought of mobiles as a safe platform. But there is no such thing as a safe platform. Mobile phones are not only phones any more, but are increasingly used for mobile banking, business access etc., which makes them a worth while target for cyber criminals. Businesses and consumers alike must think about how to adequately protect their sensitive data on all platforms, for example by using secure authentication. Static PINs and passwords have no place in applications like online or mobile banking - at least if a one-time passcode is used it is of no value to the person who has stolen it.

Be the first to give this comment the thumbs up 0 thumb ups! (Log in to thumb up)
Comment on this story (membership required)

Finextra news in your inbox

For Finextra's free daily newsletter, breaking news flashes and weekly jobs board: sign up now

Related stories

Moldova arrests bank staff in connection with Zeus gang

Moldova arrests bank staff in connection with Zeus gang

09 November 2010  |  8879 views  |  0 comments
E-crime gang dumps phishing for Zeus - APWG

E-crime gang dumps phishing for Zeus - APWG

21 October 2010  |  11166 views  |  2 comments
Ukraine arrests key players in $70m Zeus fraud

Ukraine arrests key players in $70m Zeus fraud

04 October 2010  |  8171 views  |  0 comments
Zeus Trojan opens backdoor crack to two-factor SMS authentication

Zeus Trojan opens backdoor crack to two-factor SMS authentication

27 September 2010  |  13594 views  |  0 comments
Zeus Trojan gets makeover to beat Firefox

Zeus Trojan gets makeover to beat Firefox

21 April 2010  |  13237 views  |  0 comments

Related company news

 

Related blogs

Create a blog about this story (membership required)
visit www.thomsonreuters.infovisit www.atos.netvisit www.niceactimize.com

Top topics

Most viewed Most shared
satelliteRipple completes XRP Lockup
10643 views comments | 3 tweets | 2 linkedin
PSD2: Laying the regulatory foundation for a new age in paymentsPSD2: Laying the regulatory foundation for...
10277 views comments | 18 tweets | 36 linkedin
Banks tap Ethereum smart contracts for MiFID II complianceBanks tap Ethereum smart contracts for MiF...
7638 views comments | 10 tweets | 10 linkedin
Banks and fintech startups join forces on blockchain-based supply chain pilotBanks and fintech startups join forces on...
7339 views comments | 19 tweets | 22 linkedin
hands typing furiouslyReshaping Customer Engagement & Da...
6757 views 0 | 4 tweets | 2 linkedin

Featured job

Competitive
New York, NY - USA (some flexibility on location)

Find your next job