A cybergang is planning a blitzkrieg-like series of Trojan attacks against 30 American banks this autumn, according to security vendor RSA.
In a blog post, RSA's Mor Ahuvia says that the firm has picked up on underground chatter about the planned attacks, involving around 100 botmasters using a variant of the Gozi Trojan.
The gang intends to deploy the Trojan in an effort to complete fraudulent wire transfers via man-in-the-middle manual session-hijacking scenarios.
Ahuvia says that the operation's masterminds are using forums to put together a team of unrelated crooks, using a bootcamp-style process to select and train botmasters.
Each botmaster will be entitled to a percentage of the funds they will siphon into mule accounts controlled by the gang. To make sure everyone is working hard, each will select their own 'investor,' who will put down the money required to purchase equipment for the operation with the incentive of sharing in the illicit profits.
The gang boasts anti-American motives for its choice of victims but RSA suggests that more likely considerations stem from convenience and prior experience with defrauding and cashing out certain banks' accounts.
"Another attractive element for the attackers appears to be the slim deployment of two-factor authentication (2FA) for private banking consumers in the US, unlike many European banks that generally require all consumers to use 2FA for wire transfers," says Ahuvia.
RSA has passed on its information to US law enforcement as well as its FraudAction Global Blocking Network partners and security teams from potential target banks.