U.S. banks could be bracing for wave of account takeovers

Security researchers at RSA warned Thursday that a sophisticated plan is being hatched online to raid the bank accounts of customers at some 30 banks in the United States.

Based on an analysis of "underground chatter," researchers have determined that a Russian-speaking cyber gang is preparing to launch a large-scale attack in which fraudsters will infect victims' computers -- mostly belonging to home users -- with a trojan similar to Gozi, enabling the swindlers to initiate unauthorized wire transfers on the victims' behalf by hijacking live banking sessions.

"If the gang's plans do materialize, this campaign could be the largest coordinated attack on American financial institutions to date," Mor Ahuvia, cybercrime communications specialist at RSA's FraudAction Research Labs, wrote in a blog post.

For the operation to come to fruition, however, the masterminds are relying on a number of recruits who will serve as "accomplice botmasters," Ahuvia wrote. Each of these individuals will control a segment of computers infected with the trojan being used, dubbed "Gozi Prinimalka." (The machines initially will be seeded with the trojan via drive-by downloads.)

Additionally, the botmasters will be trained in how to deliver instructions to compromised endpoints, as well as how to perform man-in-the-middle bank transfers. They also will be asked to find an "investor" to fund items needed for the campaign, such as laptops and servers.

But these botmasters won't have access to the code of the Gozi Prinimalka trojan.

"At no point in time will accomplice botmasters receive the Gozi Prinimalka compiler," Ahuvia wrote. "This model ensures that accomplice botmasters will be completely dependent on the Gozi Prinimalka gang for receiving new executable files."

According to RSA, the orchestrators are using a number of methods to ensure their plan isn't foiled.
