Trojan attacks 2nd tier Banking Defense

Posted: September 11, 2012 in IT Security News

Experts at Trusteer have observed a new attack by the banking Trojan Tatanga. The attack is designed to intercept the one-time code generated by a personal TAN generator, and it relies on social engineering techniques. TAN codes (Transaction Authorization Numbers) are used in online banking systems as an additional level of protection against fraud in operations on customer accounts.

These are one-time passwords generated for each transaction. Entering one is intended to confirm the authenticity of the person registered in the system and gives the bank the go-ahead to complete the transaction. In the banking environment there are many different procedures for confirming transactions with a one-time password. In Germany, for example, two popular ones are mTAN (a code sent to the client as an SMS) and chipTAN, a system that gives the customer a personal TAN generator. The latter creates a one-time password based on a flashing image that appears when entering the bank site, which the generator reads directly from the PC screen.

Of course, an attacker can obtain both the user's registration data and the TAN code through phishing. However, the latter is valid for only a single transaction, and the thief must manage to use it before this short period expires, and in such a way that the victim does not discover the theft. Modern phishers solve this problem with a Trojan that can alter the banking page on the fly by HTML injection and process the stolen data for the benefit of its owners (Man in the Browser, MitB attack), reports

A prominent representative of such programs is the Tatanga family of interceptors (Trojan-Banker.Win32.Tatag in Kaspersky Lab's classification), which appeared on the internet scene at the beginning of last year. According to experts at the Spanish company S21sec, Tatanga has full MitB functionality, uses rootkit technologies, is able to block antivirus software on a remote command, works with almost all Windows-compatible browsers, and does not tolerate competitors on the same machine. This malicious program prefers to attack customers of European banks, especially German ones.

In May, Trusteer discovered a Tatanga attack that asked the victim for a TAN code sent over the bank's SMS channel. The pretext for the fake request, made on behalf of the bank, was a test of two-factor authentication allegedly being carried out by the bank. The variant of the malware discovered in early September uses the same theme, but the German-language text that appears on a front page gives the victim detailed instructions on how to create a one-time password for the "test" transaction with a personal TAN generator. The user is asked to enter the password into a web form, which gives Tatanga the opportunity to secretly conduct a fraudulent transaction. So that the bank's client does not notice the missing funds, the malware replaces the account information sent by the bank at the end of the session.
