A sophisticated multi-stage virus attack that infected consumer PCs and mobile phones was used to steal over €36 million from 30,000 customers of 30 banks in Italy, Spain, Germany and Holland over summer 2012.
The theft used malware to target the PCs and mobile phones of banking customers. It also took advantage of the SMS messages used by banks to secure customers' account logins.
The attack targeted both corporate and private banking users, performing automatic transfers that varied from 500€ to 250,000€ each to intermediary accounts across Europe.
The 'Eurograbber' raid - which is believed to have emanated from cybercrime servers in the Ukraine - was picked up by tech security firms Check Point and Versafe. The initial payload of the Zeus Trojan corrupted consumer PCs, intercepting online banking transactions and duping users into handing over their mobile phone number. The mobile Trojan worked on both Blackberry and Android devices, giving attackers a wider reach.
With victims' PCs and mobile devices compromised, the scammers could intercept and hijack all the victims' banking transactions, including the bank's SMS to the customer containing the 'transaction authentication number' (TAN). With the account number, password, and TAN, the attackers were able to stealthily transfer funds out of victims' accounts while victims were left with the impression that their transaction had completed successfully.
Gabi Reish, head of product management at Check Point, says: "Cyberattacks are constantly evolving to take advantage of the latest trends. As online and mobile banking continue to grow, we will see more targeted attacks in this area, and Eurograbber is a prime example."
He says all the banks involved have been notified and Check Point and Versafe are actively working with law enforcement agencies to halt the spread of the virus.