Israeli-based security firm Trusteer recently spotted a new variant of the SpyEye Trojan that not only allows cybercriminals to steal banking details, but also to cover up any digital evidence of unauthorized purchases.
Once the latest SpyEye variant infects a user’s machine, the malware waits until the user visits a banking website, at which point it uses a sneaky man-in-the-browser attack method known as HTML injection to modify the login process and capture the user’s debit card information.
Of course, once the miscreants nab the victim’s debit card details, they begin racking up fraudulent charges by purchasing whatever it is their little black hearts desire. Details for the unauthorized transactions are immediately stored within the malware’s control panel.
Whenever the victim logs in to their online banking website, SpyEye not only edits the account balance to appear as if no money has been stolen, but it also modifies the transaction history page in order to hide any charges posted by the crooks.
As a result, the victim remains oblivious to any unauthorized use of their debit card so long as they continue to check their online bank statements via the infected computer. Only when the victim reviews their account through other means (ATM, uninfected PC, paper billing statements, etc.) will they discover that their account has been compromised.
SpyEye first appeared in late 2009 and is said to be the successor to the infamous Zeus banking malware. SpyEye uses a variety of tricks to steal sensitive data and avoid detection, and is often spread via e-mail attachments, drive-by downloads and phishing attacks.
Remember that Russian-based cybercriminal who made over $3.2 million in six months last year using various malware toolkits? SpyEye was one of the kits he used.
Users can protect their PC against the SpyEye Trojan by ensuring their operating system is current and patched, always running up-to-date antivirus software with a personal firewall and accessing their bank website via secure, encrypted connections.