Trend Micro Incorporated has released a new threat report that identifies an Automatic Transfer System (ATS) which allows cybercriminals to breach bank security measures and clean out a victims’ bank accounts without leaving signs of criminal activity.
The report, written by Trend Micro’s Senior Threat Researcher, Loucif Kharouni, discusses how the ATS tool is used in conjunction with SpyEye and ZeuS malware variants to create a “Man in the Browser (MitB)” attack. The attack does not require the criminal to be online during the victim’s session and will automatically conduct a wire transfer using the victims’ credentials, without alerting them.
Entitled “Automatic Transfer System, a New Cybercrime Tool” the 9 page PDF report documents attacks that have been directed towards banks which are using enhanced security measures, such as those that impose daily account transfer limits and use two-factor authentication through SMS notifications. Banks in Germany, the United Kingdom and Italy have been targeted the most for these attacks.
“The attacks are of particular concern because they circumvent traditional and even enhanced online banking security measures,” said Tom Kellermann, VP Cybersecurity, of Trend Micro. “Due to the seemingly imperceptible way that this ATS tool modifies records, endpoint solutions must be used to prevent infections from starting or to detect the threat after it has already affected a machine. Users should also update their endpoints security systems frequently to ensure they afford themselves the best chance to prevent these attacks.”
The ATS tool currently only affects bank accounts where a PC running Windows is used to access bank records. Unlike previous cybercrime tools that interact with SpyEye and ZeuS, the ATS tool also does not prompt pop-up displays and will automatically perform several tasks such as checking account balances, conducting wire transfers and modifying account transactions to hide traces of the tool’s presence. No banks in Canada or the United States have reported to be affected yet, but previous threats that have been linked with SpyEye and ZeuS create the possibility that the tool can be repurposed to attack banks in Canada or the United States.
See also: How Social Engineering Works for additional information.