begin quote from:
Global banks targeted by new versions of the infamous Gozi trojan
A new report from security firm buguroo
(BUGUROO OFFENSIVE SECURITY S.L.) has revealed a new campaign targeting
global banks and finance companies that is utilizing more effective
versions of the infamous Gozi trojan.
According to the report, targeted companies include PayPal, CitiDirect BE,
ING Bank, Société Générale, BNP Paribas, the Bank of Tokyo and others; the
attacks are currently being honed in Poland, Japan, and Spain before likely
being launched in the United States and Western Europe once perfected.
The new versions of Gozi are said to go undetected by
web fraud solutions because they use an elaborate form of web injection
that is optimized to avoid detection.
When an infected user at a targeted financial
institution attempts a transaction, the Command and Control service is
notified in real time and sends the user's browser the information
necessary for carrying out a fraudulent transfer.
On the screen, the injected code shows the user a
fraudulent deposit-pending alert requesting the security key to complete
the transfer; this sits on top of the real transfer page, drawing
the target in to key in their code.
Interestingly, the account information of the infected
user can include the SWIFT BIC and account information used for
international money transfers, with buguroo suggesting that the new Gozi
variants may underlie the recent spate of fraudulent transfers reported by a number of central banks that utilized SWIFT for transfers.
Biometric bypass
What makes the evolution of Gozi fascinating (presuming
you can appreciate the dark arts) is that in certain newer versions the
trojan is said to send a form of biometric information to its control
panel, including details of how long the user takes to move from one
input field to the next or the time between keystrokes. It then
uses these values to fill in the fields necessary to perform
the fraudulent transfer, in an attempt to bypass protection systems that
utilize the biometrics of the given user; put more simply, it inputs
data back into the system while mimicking the way the given user types.
“Perhaps
most importantly for businesses, these campaigns are sophisticated
enough to evade traditional web fraud detection tools,” the report
concludes. “Companies are advised to install Internet-based, real-time
web fraud detection to prevent these attacks from happening to them.”
A full copy of the report is available from buguroo here.
Duncan Riley
Duncan Riley is a senior writer at SiliconANGLE covering Startups, Bitcoin, and the Internet of Things.
Duncan is a co-founder of VC funded media company B5Media and founder of news site The Inquisitr, and was a senior writer at TechCrunch in its earlier days.
Tips? Press releases? Interesting startup? Email: duncan@nichenet.com.au or contact Duncan on Twitter @duncanriley