Wednesday, February 29, 2012

Shylock Malware Launches Fake Chat Window to Steal Banking Details in Real-Time

Shylock Malware will Chat with YouWould you feel better if malware (and the cybercriminals behind it) took the time to actually have a conversation with you while stealing all of your banking information?

It can be done.

Security researchers over at Trusteer have come across yet another configuration of the Shylock malware using clever man-in-the-browser (MitB) tactics to dupe business/commercial users of an unnamed “leading financial institution.”

“When the victim logs in to the online banking application, the session stalls for few minutes and the user is told that security checks are being performed.” Amit Kleen wrote, “This is where things get, for lack of a better word, interesting.”

Though a series of fake HTML page injections and complex JavaScript code, the victim is presented with a LIVE chat window that is being operated by the cybercriminal.

Obviously the goal of the fraudster is to collect additional personal information from the victim and the suspicion is that the cybercrook will use words of persuasion to get the victim to verify fraudulent transactions as Shylock silently initiates them in the background.

Shylock Malware Screenshot

Screenshot Credit: Trusteer

“This is yet another example of the ingenuity of fraudsters and their ability to exploit the trust relationship between users and applications provided by their online service providers.” Klein warned, “This attack could conceivably be used against enterprises and their employees, with the attacker posing as an IT help desk technician.”

Shylock, which Trusteer has been monitoring since last September, gets its nickname from the tendency to quote random excerpts from Shakespeare’s “The Merchant of Venice” in every new build. Citation quirks aside, Shylock boasts incredible anti-detection features that allow the malware to monitor symptoms of an antivirus system scan, delete its own files and registry entries when a scan is underway (remaining active only in memory) and hook itself into the Windows shutdown procedure to reinstate its infection upon system restart.

With these types of threats frolicking about, it’s more important than ever for users to not only keep their computer systems patched, up-to-date and protected by a comprehensive antivirus solution, but always remain vigilant when conducting business online.

Don’t miss out on the latest tech news and computer security alerts! Follow us on Twitter at @hyphenet,  “Like” us on Facebook or add us to your circle on Google+.

No comments:

Post a Comment