U.S. banks could be bracing for wave of account takeovers

Security researchers at RSA warned Thursday that a sophisticated plan is being hatched online to raid the bank accounts of customers at some 30 banks in the United States.

Based on an analysis of "underground chatter," researchers have determined that a Russian-speaking cyber gang is preparing to launch a large-scale attack in which fraudsters will infect victims' computers -- mostly belonging to home users -- with a trojan similar to Gozi, enabling the swindlers to initiate unauthorized wire transfers on the victims' behalf by hijacking live banking sessions.

"If the gang's plans do materialize, this campaign could be the largest coordinated attack on American financial institutions to date," Mor Ahuvia, cybercrime communications specialist at RSA's FraudAction Research Labs, wrote in a blog post.

For the operation to come to fruition, however, the masterminds are relying on a number of recruits who will serve as "accomplice botmasters," Ahuvia wrote. Each of these individuals will control a segment of computers infected with the trojan being used, dubbed "Gozi Prinimalka." (The machines initially will be seeded with the trojan via drive-by downloads.)

Additionally, the botmasters will be trained in how to deliver instructions to compromised endpoints, as well as how to perform man-in-the-middle bank transfers. They also will be asked to find an "investor" to fund items needed for the campaign, such as laptops and servers.

But these botmasters won't have access to the code of the Gozi Prinimalka trojan.

"At no point in time will accomplice botmasters receive the Gozi Prinimalka compiler," Ahuvia wrote. "This model ensures that accomplice botmasters will be completely dependent on the Gozi Prinimalka gang for receiving new executable files."

According to RSA, the orchestrators are using a number of methods to ensure their plan isn't foiled.
