Just when you thought it was safe to go back into the water (am I the only one who understands this reference?)… Online banking is facing a new attack via a Trojan that intercepts account information before it is encrypted and then kindly transmits the data to be included in a central attacker database.
The Trojan, dubbed Trojan.Silentbanker by security software company Symantec, can intercept online banking transactions that normally are well guarded by two-factor authentication procedures. During a banking transaction, Silentbanker will change the user’s bank account details over to the attacker’s account, all the while mimicking what the user would expect to see from a typical banking transaction. Because users have no idea their account data has been changed, they then unknowingly send money to the attacker’s account after entering their second authentication password.1
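The paragraph above turns on one point: the second authentication password proves who is at the keyboard, not what is being paid. The following sketch is an added example, not code from Symantec or from any bank. It contrasts a session-only code with a code computed over the payee and amount. The key, account names, counter and function names are all constructed for illustration, and it assumes the user reads the code from a separate token into which they key the details they intend.

```python
import hashlib
import hmac
import json

KEY = b"constructed-demo-key"  # constructed secret shared by the bank and the user's token

def _code(key: bytes, message: bytes) -> str:
    """Truncate an HMAC-SHA256 tag to a 6-digit code a user can type."""
    tag = hmac.new(key, message, hashlib.sha256).digest()
    return f"{int.from_bytes(tag[:4], 'big') % 1_000_000:06d}"

def session_code(key: bytes, counter: int) -> str:
    """Second factor that proves possession of the token and nothing else."""
    return _code(key, json.dumps([counter]).encode())

def transaction_code(key: bytes, counter: int, payee: str, amount_cents: int) -> str:
    """Second factor computed over the payee and amount as well as the counter."""
    return _code(key, json.dumps([counter, payee, amount_cents]).encode())

def bank_verify_session(key, counter, request, code) -> bool:
    # The request contents play no part in this check.
    return hmac.compare_digest(code, session_code(key, counter))

def bank_verify_transaction(key, counter, request, code) -> bool:
    # The bank recomputes the code over the details it actually received.
    expected = transaction_code(key, counter, request["payee"], request["amount_cents"])
    return hmac.compare_digest(code, expected)

def simulate() -> dict:
    counter = 7
    intended = {"payee": "ACCT-INTENDED-0001", "amount_cents": 25000}
    # Constructed: the request as it reaches the bank after the payee was
    # changed in the browser, while the page still shows the intended payee.
    received = dict(intended, payee="ACCT-SUBSTITUTED-9999")
    # Codes the user reads from the token and types into the page.
    s = session_code(KEY, counter)
    t = transaction_code(KEY, counter, intended["payee"], intended["amount_cents"])
    return {
        "session_code_accepts_altered": bank_verify_session(KEY, counter, received, s),
        "transaction_code_accepts_altered": bank_verify_transaction(KEY, counter, received, t),
        "transaction_code_accepts_unaltered": bank_verify_transaction(KEY, counter, intended, t),
    }

if __name__ == "__main__":
    print(simulate())
```

The transaction-bound check only helps when the payee and amount are entered or displayed on a device the compromised browser cannot alter.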
While Symantec’s website indicates this Trojan has a relatively low level of distribution, it still poses grave danger because it operates without the user noticing.
So, what’s the scoop on Silentbanker?
The Trojan targets many different banks using various methods in order to perform the following:
- Gain access to accounts
- Divert transactions to attacker controlled accounts
The Trojan performs the following actions:
- Redirects legitimate requests to attacker controlled computers
- Alters the HTML of pages shown to the user
- Alters requests sent by the user to the bank
- Captures screen shots of Web sites where the user must click instead of type the password
- Sends full pages received by the victim to the attacker
- Downloads new versions of itself
- Downloads new configuration files
- Records user names and passwords
- Records the content of the clipboard
- Steals cookies, digital certificates, and Adobe .sol files
- Sends a list of all software installed on the compromised computer to the attackers
The threat hooks APIs in the following browsers:
- Internet Explorer