Banks have been fighting a tough battle to secure customers' private banking information as cybercrooks find increasingly complex methods of breaking the security layers protecting their online services. Now they have a new threat to worry about: a Trojan that is capable of redirecting incoming calls from your bank as it tries to verify suspicious transactions.
The new Trojan is a modified version of Ice IX, developed using the infamous ZeuS cybercrime toolkit. Not only does it steal banking information from infected computers, it is also capable of capturing telephone account information from unwitting BT, Talk Talk and Sky telephone customers in the UK, as well as those in the US, although which US telephone providers are affected is not entirely certain at this point.
Customers are duped into handing over the sensitive data on the pretext of a supposed "malfunction of the bank’s anti-fraud system with its landline phone service provider". The cybercriminals then use the obtained information to divert phone calls to themselves. "Fraudsters are increasingly turning to these post-transaction attack methods to hide fraudulent activity from the victim and block email and phone communication from the bank. This allows attackers to circumvent security mechanisms that look for anomalies once transactions have already been executed by the user," Amit Klein, Trusteer’s CTO, explained in a blog post.
Researchers at the security firm Trusteer discovered the new strain of malware being used in an attack, and further investigation revealed that it stole the victim’s login information and password, their memorable information and secret question answers, date of birth and account balance from the compromised computer.
Using a bogus website, the hackers then ask victims to update their contact numbers and select which phone provider they use from a drop-down list. The information requested by the attackers includes the user's telephone account number, which is typically known only to the phone subscriber and the phone company, and is necessary to authorize account changes like call forwarding.
The idea is to steal card information and purchase items; then, when the bank suspects your account has been compromised, any calls it makes to confirm suspicious activity are routed to hacker-controlled phone numbers, so the criminals can confirm the transactions as genuine.
Because the bank believes it is speaking to the account holder, the transactions clear and the criminals are able to use your details for longer, maximizing their illegally obtained profit.
Trusteer has released details, including screenshots, of how the criminals managed to obtain the information required. Anyone who may already have completed these forms should contact their bank immediately.