Researchers claim they’ve discovered a malware attack that enabled attackers to steal more than 36 million euros from more than 30,000 online banking customers in Europe.
This new malware called the “Eurograbber,” infected users’ PCs with a new edition of the Zeus Trojan, and then convinced them to download malware to their cell phones, defeating the purpose of 2-step authentication, reported researchers at security vendor Check Point Software and Versafe, an online fraud prevention vendor.
“It was a targeted, multistage, sophisticated attack that used two different Trojans to infect both the online banking system and the user’s phone,” says Darrell Burkey, director of IPS at Check Point. “It broke through both the first factor of authentication on the banking system and the second factor of authentication, which in Europe is often an SMS-based cell phone.”
The attack was advanced in that it infected the banking system first and then sent out a phishing message to customers, telling them to update the online banking software on their cell phones.
The update messages seemed to come directly from the affected bank, and a substantial percentage of clients fell for the trick and downloaded the Zitmo-based malicious software to their phones, the researchers say.