Fake Chat Screen Malware Hijacks Banking Customers

Type threatpost
Reporter Chris Brook
Modified 2013-04-17T16:32:44


A new attack against online banking customers uses a malware platform to trick its victims into verifying bogus transactions.

The attack, first described by Trusteer CTO Amit Klein, waits for an unsuspecting business banking customer to log in online before telling them that “security checks” need to be performed.

From there, the customer receives a series of notifications claiming that a representative of the bank will assist – via chat – in verifying their account to avoid a lockout. On a chat screen operating through a mix of HTML injection and JavaScript, the victims think they are speaking to customer support. In reality they are chatting with a cybercriminal who is attempting to get them to provide names, passwords and other banking credentials.

At the same time, Klein claims attackers have meshed Man-in-the-Browser techniques with phishing abilities and the Shylock malware platform to hijack accounts in real time. By asking users to sign off on fake transactions in the background, customers are duped without even knowing it.

As we’ve seen, attackers have hijacked live chat screens before – in particular cases, those purporting to be tech support – but in 2012 they appear to be exploiting malware to form a more multi-pronged attack.

For more on this, head to Trusteer.