14 DAY TRIAL // Carberp, a Trojan mainly designed to steal banking information, often compared to the infamous ZeuS or SpyEye families, has been making rounds again, its latest variant being programmed to steal Ukash voucher numbers and other sensitive data.
Ukash is a brand of SmartVoucher Ltd, created in 2005 and representing an international cash payment method that makes online transactions easier to perform.
As many other Trojans do lately, this new version of Carberp relies on the naivety of Facebook users to steal their sensitive information along with their money.
Trusteer researchers came across the piece of malware in a cleverly designed scheme in which the victim is redirected to a fake Facebook page where a warning message alerts the visitor that his account is being temporarily locked.
In order to unlock the account, the victim is requested to provide a first name, last name, email address, date of birth, passwords and a Ukash voucher number that’s worth $25 (20 EUR), allegedly needed to confirm verification.
Basically, the user not only hands over his Facebook account, but also $25 (20 EUR). In the effort of not raising too much suspicion, a message on the page reassures the social network customer that the amount of money is added to his Facebook account balance.
Man-in-the-browser (MitB) attacks such as this one are highly efficient for the fraudsters since they can immediately use or sell the vouchers, making them hard to trace.
“With the growing adoption of e-cash on the internet, we expect to see more of these attacks. Like card not present fraud, where cybercriminals use stolen debit and credit card information to make illegal online purchases without the risk of being caught, e-cash fraud is a low risk form of crime,” Trusteer experts said.
“With e-cash, however, it is the account holder not the financial institution who assumes the liability for fraudulent transactions.”
This being said, users are advised to be on the lookout for similar Facebook pages and ignore the claims they make.