Hey readers....
IT company Trusteer said the discovery of a new type of financial malicious software that can invade the chat sessions between customers and bank employees that accompany the work of online banking. The purpose
of this Trojan standard - capture the data required to enter the online banking systems and implementation of fraudulent transactions.
IT company Trusteer said the discovery of a new type of financial malicious software that can invade the chat sessions between customers and bank employees that accompany the work of online banking. The purpose
of this Trojan standard - capture the data required to enter the online banking systems and implementation of fraudulent transactions.
The attack is based on malicious code Skyhock platform and represents a variety of attacks such as man-in-the-middle. The observed pattern of malicious software increasingly focused on business users, rather than individuals, as the intercepts data from several popular corporate banking applications.
During his time in the malicious code suspends the session, ostensibly to conduct security checks of the system, but after this, the Trojan appears to the user bank employee with whom he had just spoken, and as a result a brief conversation with the victim trying to extract details for the access to online banking system.
Trusteer notes that most passwords in online banking systems, disposable or have a limited duration, so the Trojans should be permanently connected operator to quickly connect with the obtained the necessary details to the fraudsters, and transactions.
From a technical point of view, the malicious code uses standard technologies such as HTML and JavaScript to spoof the contents of the chat session window.
Detailed technical information about the malicious code is available here: http://www.trusteer.com/blog/speakin...t-commit-fraud
During his time in the malicious code suspends the session, ostensibly to conduct security checks of the system, but after this, the Trojan appears to the user bank employee with whom he had just spoken, and as a result a brief conversation with the victim trying to extract details for the access to online banking system.
Trusteer notes that most passwords in online banking systems, disposable or have a limited duration, so the Trojans should be permanently connected operator to quickly connect with the obtained the necessary details to the fraudsters, and transactions.
From a technical point of view, the malicious code uses standard technologies such as HTML and JavaScript to spoof the contents of the chat session window.
Detailed technical information about the malicious code is available here: http://www.trusteer.com/blog/speakin...t-commit-fraud
0 comments:
Post a Comment