Threat Research

0wning Emmental

A long time ago, I posted a video showing how to control Zitmo (the mobile component of ZeuS). It turns out you can (nearly) do exactly the same with Emmental. If you are not aware of Operation Emmental, please jump to this excellent white paper. So, basically, this operation aims at compromising bank accounts, in particular (but not limited to) Swiss banks - where the naming Emmental comes from. Like ZeuS and Zitmo, or SpyEye and Spitmo, Emmental compromises the victim's PC and installs a trojan spyware on the Android phone. The scenario is well...

By Axelle Apvrille, October 21, 2014

Dr.Jekyll or Mr.Hyde?

We recently had a company contact us regarding an email they received from their bank. The company's access to its online banking account was blocked by its bank due to fraudulent activity observed through the account. A screenshot of the email received can be seen below. What I found extremely strange and suspicious about the email, and set the alarm bells ringing in my head, was the fact that the email contained 5 zip-compressed images as attachments. After going through it a second time, even the Anti-Virus link started to feel suspicious. Even...

By Ruchna Nigam, July 30, 2012

Spitmo gets on Android: mini-FAQ

Yes, you have probably heard the news: a new variant of Spitmo - Zitmo/ZeuS's counterpart for SpyEye, which previously targeted Symbian phones only - has recently been spotted on Android. The scenario is the same as before: a victim, browsing on a PC infected with SpyEye, logs in to her bank's website. SpyEye injects forms and elements directly into the webpages she is viewing, so as to lure her into installing a fake security application on her phone, thinking it's required by the bank. That application actually intercepts SMS messages - especially...

By Axelle Apvrille, September 16, 2011

Zitmo hits Android

Zitmo has been used by the ZeuS gang to defeat SMS-based banking two-factor authentication on Symbian, BlackBerry and Windows Mobile for several months (see my ShmooCon slides). Lately, there's been an active discussion on technical forums regarding ZeuS targeting Android users. We finally managed to get our hands on the mobile sample the ZeuS PC trojans are propagating. Actually, it is not a new sample and has been detected under several names (Android.Trojan.SmsSpy.B, Trojan-Spy.AndroidOS.Smser.a, Andr/SMSRep-B), but it is far more scary when...

By Axelle Apvrille, July 08, 2011