Millions of emails posing as messages from major U.S. banks are being sent, says Dell SecureWorks’ Counter Threat Unit. One of the email campaigns reads, “You have received a new encrypted message or a secure message from [XYZ] Bank,” and claims the bank has established a secure email exchange for its clients as a way to lessen privacy and security risks.
The email includes an infected attachment that the “bank” asks the client to download in order to register with the supposed secure email system. When opened, it executes the Pony downloader Trojan, which installs Gameover; the malware then steals online banking credentials, credit card account numbers, and additional information.
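A mail-filter heuristic for the lure described above, added here as an illustration and not code from SecureWorks or the article: it flags a message that uses the reported “new encrypted/secure message” wording, claims to come from a bank while being sent from a domain outside an assumed allow-list, and carries an attachment type that can execute or wrap a dropper. The sample message, sender domains and filename are constructed placeholders.

```python
import email
import re
from email import policy

# Lure phrases quoted in the article (matched case-insensitively).
LURE_PATTERNS = [re.compile(p, re.I) for p in
                 (r"new (encrypted|secure) message", r"secure e-?mail (exchange|system)")]
# Attachment types that run code or wrap a dropper; a real secure-mail enrolment is not one.
RISKY_EXTENSIONS = (".exe", ".scr", ".zip", ".rar", ".js", ".vbs")
# Assumed allow-list of the bank's genuine sending domains (placeholder value).
TRUSTED_SENDER_DOMAINS = {"examplebank.com"}

def analyze(raw_message):
    """Return the lure indicators found in one RFC 822 message; [] means none."""
    msg = email.message_from_string(raw_message, policy=policy.default)
    body_part = msg.get_body(preferencelist=("plain", "html"))
    text = f"{msg['subject'] or ''} {body_part.get_content() if body_part else ''}"
    findings = [f"lure phrase: {p.pattern}" for p in LURE_PATTERNS if p.search(text)]
    sender = msg["from"]
    domain = sender.addresses[0].domain.lower() if sender and sender.addresses else ""
    if "bank" in text.lower() and domain not in TRUSTED_SENDER_DOMAINS:
        findings.append(f"claims to be a bank but sent from {domain or 'unknown'}")
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        if name.endswith(RISKY_EXTENSIONS):
            findings.append(f"risky attachment: {name}")
    return findings

# Constructed sample mirroring the reported lure (domains and filename are placeholders).
LURE_SAMPLE = """\
From: "XYZ Bank Secure Mail" <notice@secure-mail-portal.example>
Subject: You have received a new encrypted message from XYZ Bank
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

XYZ Bank has established a secure email exchange for its clients.
Download the attached file to register for the secure email system.
--b1
Content-Type: application/zip; name="SecureMessage.zip"
Content-Disposition: attachment; filename="SecureMessage.zip"

--b1--
"""
```

Running `analyze(LURE_SAMPLE)` returns four findings (two lure phrases, the untrusted sender domain, the zip attachment); a statement notice sent from the allow-listed domain with no attachment returns an empty list.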
“This particular group has found a combination of malware, tactics, and procedures that leads to success for them. They will continue to follow the same process [of working this way],” said Jon Ramsey, CTO of Dell SecureWorks. “The malware they use is a private version of theirs, and they don’t sell it on the black market. They feel there’s more of an upside financially in keeping it private.”
More than 680,000 machines were infected with Gameover Zeus in August, according to SecureWorks, making it the biggest botnet targeting financial institutions today.