IT Security Guru

Banking malware goes back to basics, but is still effective

by The Gurus
September 7, 2020
in Opinions & Analysis

The method of infiltration and exfiltration may stay the same, but how sophisticated its execution is changes.

While the rise of advanced threats has seen more sophisticated techniques developed and used, in some cases less sophisticated methods and “back to basics” techniques are used.
Earlier this year, Trusteer’s CTO Amit Klein blogged about two malware families, Tinba and Tilon, saying that they were examples of malware going “back to basics”. Recently, Trusteer identified a new variant of Zeus which targeted an Eastern European bank by adding an HTML injection to the transaction page that changes the HTML form field names of the beneficiary account number, name, address and transaction data, while leaving the source account field names and transaction amount field name unchanged.
This variant of Zeus also injects the account data of the “mule”, the person who will act as an unwilling or unknowing intermediary, under the original field names in place of the altered fields. The victim fills in the transaction details (at the HTML level the field names for some data are incorrect), submits the form and the bank receives an HTTP request for the transaction, only the correctly named fields now specify the receiving mule account.
Trusteer claims that this demonstrates a “step back” for attackers, as they are using a hardcoded HTML injection (with static mule account information) to perform fraudulent transactions, a technique that is simple and simplistic. It claimed that this offers two advantages over JavaScript HTML injection: there are fewer “moving parts” (dynamic scripts), so it is harder for anti-virus and anti-malware software to detect; and this technique will work on browsers whose users have disabled JavaScript for security reasons.
According to Trusteer, this method is “simple, crude but effective!” While it is not completely unsophisticated or without skill, it does move away from the advanced espionage trend to one of basic code injection.
Back in February, Klein said that Trojan developers are investing heavily in stealth capabilities, especially in efforts to evade analysis and investigation by security experts. As banks deploy protection layer solutions to monitor online sessions between customers and web applications, these are capable of detecting anomalies during the session to indicate malware-initiated activity. However, once in the application, that is where the danger is done.
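
A bank-side check for the field renaming described above, as an added example that is not from Trusteer or the original article: it compares the parameter names in a submitted transfer request with the names the bank's own form emits. The field names and sample requests are constructed, and it assumes the renamed fields are still submitted with the form, as a plain HTML form submission would do.

```python
from urllib.parse import parse_qsl

# Parameter names the bank's own transfer form emits. Constructed for this
# example; a real deployment would load them from the form template.
EXPECTED_FIELDS = frozenset({
    "src_account", "amount", "benef_account", "benef_name",
    "benef_address", "reference",
})

# Constructed sample: an untouched form submission.
CLEAN_BODY = (
    "src_account=1001&amount=250.00&benef_account=2002"
    "&benef_name=A+Payee&benef_address=1+High+St&reference=rent"
)

# Constructed sample: what the customer typed arrives under altered names,
# while the template's own beneficiary names carry other, static values.
TAMPERED_BODY = (
    "src_account=1001&amount=250.00"
    "&benef_account_0=2002&benef_name_0=A+Payee"
    "&benef_address_0=1+High+St&reference_0=rent"
    "&benef_account=9009&benef_name=Other+Name"
    "&benef_address=9+Other+Rd&reference=x"
)


def audit_transfer_post(body: str) -> dict:
    """Compare parameter names in a urlencoded POST body with the template."""
    names = [name for name, _ in parse_qsl(body, keep_blank_values=True)]
    seen = set(names)
    report = {
        # Names the template never emits: what a renamed input submits.
        "unexpected": sorted(seen - EXPECTED_FIELDS),
        # Template names absent from the request.
        "missing": sorted(EXPECTED_FIELDS - seen),
        # Names sent more than once, e.g. an injected field beside the original.
        "duplicated": sorted({n for n in seen if names.count(n) > 1}),
    }
    # Any non-empty list means the request does not match the served form.
    report["suspicious"] = any(report.values())
    return report


if __name__ == "__main__":
    for label, body in (("clean", CLEAN_BODY), ("tampered", TAMPERED_BODY)):
        print(label, audit_transfer_post(body))
```

Because the check looks only at parameter names, it does not depend on JavaScript running in the customer's browser, which is the case the hardcoded injection is said to survive.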