
Malware and new sophisticated cyber techniques against banking

Pierluigi Paganini June 20, 2012

Money motivates cybercrime's assault on banking, but the finance world is also considered a privileged target for state-sponsored attacks as part of cyber offense strategies. The banking world is changing profoundly: the introduction of mobile devices, social networks, the openness to web services and the arrival of new technologies such as NFC are all factors that are dramatically increasing the attack surface of banking institutions. We are witnessing a race between criminals and banks to improve security, especially for web services, where criminals are consolidating the trend of adopting malware to attack users' accounts.

Recently a Trojan tool was detected that is able to perform stealth attacks against bank accounts, stealing money and covering its tracks from account holders. Malware such as Zeus and SpyEye applies a classic man-in-the-middle attack scheme to steal money from the account, presenting the victim with fake login forms to capture the user's credentials. Other malware has been equipped with injection mechanisms that can also display altered account balances to hide the amounts stolen.

Trend Micro recently published news of a new toolkit named ATS (Automatic Transfer System), composed of JavaScript and HTML web-injection scripts used to intercept the user's interaction with online banking forms, providing falsified information about the funds available on the account and also querying and transferring data without user interaction. This mechanism makes it possible to hide the scam from the user, delaying the discovery of the fraud. Attacks of this increasing complexity require specific skills, often recruited within the underground market of East European programmers, freelancers of crime. Automatic transfer systems (ATSs) have been introduced in some variants of the famous SpyEye and ZeuS, the nightmares of the banking systems.

The ATSs were part of WebInject files, collections of scripts implemented to steal victims' account credentials for personal online banking, webmail services and financial services (e.g., PayPal accounts). As described, the JavaScript and HTML code inside the WebInject files is used to create fake login forms and also to display fake account balances, hiding the theft and the illegal transactions from customers. The entire process has been fully automated: once infected by an ATS, victims are not able to see the illegal transactions performed in the meantime. Today various active ATSs, based on a common framework, can be found in the wild, used by cybercriminals to conduct automated fraud. Typical infection schemes use phishing emails with links to phishing pages or malware attachments, and drive-by download attacks from malicious or compromised legitimate sites.

We are also witnessing C2C (crime-to-crime) collaborations: groups of specialist cyber criminals exchange favors to explore new sectors of crime, merging with traditional criminal organizations. We discussed the C2C phenomenon when we analyzed the effect of cybercrime in Russian regions. For these specific attacks, an individual considered one of the most skilled specialists is known as ArtCard, aka “xs.”, who offers high-quality WebInject files interoperable with either the ZeuS or SpyEye toolkits.

 

The banks most attacked with ATS are located in Italy, the UK and Germany, the countries where the major investments in security have been observed and where the level of protection is high and requires sophisticated techniques to carry out scams. Trend Micro researcher Loucif Kharouni declared:

“ATS infection is difficult to determine since ATSs silently perform fraudulent transactions in the background. It is, therefore, a good practice to frequently monitor banking statements using methods other than doing so online (i.e., checking balances over the phone or monitoring bank statements sent via mail),”
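The out-of-band check recommended in the quote can be expressed as a reconciliation between what the online session displayed and a statement obtained through another channel. The following is an added example, not code from Trend Micro or from the original article; the record layout, transaction IDs and amounts are constructed for illustration.

```python
from decimal import Decimal

# Constructed sample: what the (possibly web-injected) online banking page displayed.
ONLINE_VIEW = {
    "balance": Decimal("4200.00"),
    "transactions": [
        {"id": "T1001", "amount": Decimal("-50.00")},
        {"id": "T1002", "amount": Decimal("1500.00")},
    ],
}

# Constructed sample: the same period taken from a mailed or phone statement.
STATEMENT = {
    "balance": Decimal("1700.00"),
    "transactions": [
        {"id": "T1001", "amount": Decimal("-50.00")},
        {"id": "T1002", "amount": Decimal("1500.00")},
        {"id": "T1003", "amount": Decimal("-2500.00")},  # never shown online
    ],
}


def reconcile(online, statement):
    """Return (kind, transaction_id, amount) findings where the online view
    disagrees with the out-of-band statement."""
    findings = []
    shown = {t["id"]: t["amount"] for t in online["transactions"]}
    booked = {t["id"]: t["amount"] for t in statement["transactions"]}

    for tx_id, amount in booked.items():
        if tx_id not in shown:
            # Booked by the bank but absent from the page the customer saw.
            findings.append(("hidden_transaction", tx_id, amount))
        elif shown[tx_id] != amount:
            # Displayed, but with a different amount than was booked.
            findings.append(("altered_amount", tx_id, amount - shown[tx_id]))

    for tx_id in sorted(shown.keys() - booked.keys()):
        # Displayed online but unknown to the bank's own record.
        findings.append(("phantom_transaction", tx_id, shown[tx_id]))

    gap = online["balance"] - statement["balance"]
    if gap != 0:
        # Displayed balance differs from the real one (positive = inflated).
        findings.append(("balance_mismatch", None, gap))
    return findings


if __name__ == "__main__":
    for finding in reconcile(ONLINE_VIEW, STATEMENT):
        print(finding)
```

In the constructed data the displayed balance is inflated by exactly the amount of the transfer missing from the online view, which is the pattern the article attributes to ATS balance falsification.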

ATSs aren’t the only cyber threat to banking; other kinds of malware also hit the sector, and an increasing trend has been observed for other attacks, such as DDoS attacks carried out by hacktivists or foreign state-sponsored hackers. In recent months another fraud scheme has been deployed to attack banks and financial institutions, using ransom Trojans, agents that demand money before attempting to steal user logins. An example is Trojan:W32/Reveton, a ransomware application that claims to be from a legitimate law enforcement authority and prevents users from accessing their infected machine, demanding that a ‘fine’ be paid to restore normal access.

These methods of attack sit alongside the classic frauds in the sector, such as identity theft and the cloning of smartcards, but banking security experts are also worried by the rapid spread of new botnets based on P2P technology, because they are extremely difficult to counter.

Finally, as mentioned in the first part of the article, great emphasis must be placed on security when opening banking services to mobile and social networks, relatively young platforms on which the perception of the cyber threat is low and the adoption of security systems is almost zero, fertile ground for cyber criminals looking for easy business.

IT Banking, a growing sector that must be adequately protected

Pierluigi Paganini

