Jul 29, 2011 14:54 GMT

The German Federal Police (BKA) has warned consumers about a new banking trojan that tricks victims into transferring money out of their accounts by themselves.

While that might sound improbable, the attack is actually very sneaky and relies on web injects, a technique commonly used by banking trojans to modify pages seen by users in real time.

Hooking into the browser processes and altering what the users see is actually one of the core functionalities of most malware that targets banking customers.

According to the BKA advisory, which has since been removed for unknown reasons, when the victim logs into the online banking website the trojan prompts them with a page claiming their account was credited by mistake and they need to return the money immediately.

Anticipating that the user's first reaction is to check their account's balance and history, the trojan modifies these to reflect the fake transfer. It then presents a transfer form with the number of an account controlled by the fraudsters already filled in.

BKA advises users to contact the nearest police station if encountering such messages because their computer is likely infected with this trojan. It also encourages them to treat links in emails with care and keep their operating system up to date.

Banking trojans have been known to modify account balances before, but this is the first time such sophisticated social engineering has been used. Users should always contact their bank over the phone when encountering unusual messages on their online banking website.

In fact, if possible, online banking should be performed from a dedicated computer running an alternative operating system like Linux. For convenience this can also be done in a virtual machine or by booting into it via a live CD.