The Prg Banking Trojan threatens all of us

Dec 13, 2007 08:40 GMT

I must admit that even though I have heard of hundreds or maybe thousands of hack attacks, I have never seen such a powerful one, one that may affect every one of us without our even knowing. Security company SecureWorks reported today that a new variant of Zbot, an old and dangerous piece of malware, is being used by hackers to compromise consumers' bank accounts and transfer their money into the hackers' own accounts. The Prg Banking Trojan currently targets consumers in the US, UK, Spain and Italy, Don Jackson, Senior Security Researcher at SecureWorks, wrote today. Just like any other Trojan that attempts to steal bank account details, Prg tries to infect users' computers in order to capture the information as it is typed. But it is far more powerful than that, as you'll see in the next few lines.

The SecureWorks researcher described the attack procedure adopted by the UpLevel group, one of the criminal teams whose operations appear to be built around the Prg Banking Trojan. First, the hackers attempt to infect users with a "generic, info-stealing Prg Trojan". To do this, numerous emails are sent to potential victims. Naturally, they contain dangerous links leading to pages that attempt to deploy the infection through iFrames embedded in them.

Using the installed infection, the hackers then search the users' computers for signs of bank accounts. Once a potential victim is discovered, they launch a targeted phishing attack designed to steal that person's credentials. The phishing messages lead the victims to malicious websites equipped with all sorts of add-ons, all of them meant to be installed on the victims' computers. After this second installation is completed, the hacker is notified every time the victim does online banking, so stealing his/her money becomes fairly easy.

Another interesting aspect of the Prg Banking Trojan is its set of key components, which I prefer to reproduce just as the researchers posted them on the SecureWorks page (the full article is available here):

1. Alerts the hackers when a victim is doing online banking, so the hacker can piggyback in on the session, enabling the hacker to compromise the victim's commercial banking account without using the victim's username and password.

2. The infected computer communicates to the command and controller exactly which bank the victim has an account at, and then it automatically feeds code specific to that bank down to the victim's computer. This code tells the Trojan how to simulate actual online transactions for that particular institution, i.e. wire transfers, bill payment, etc.

3. Simulates keystrokes, as if the actual victim were typing into his/her computer.

4. The Prg Trojan will run through all the steps an actual banking client would take during a bank transfer, so as to avoid a bank's fraud alerts.

5. Specific customized code for each bank sits with the command and controller. Therefore, if the bank makes any change to its transactions or the hackers need to designate a new account number for the stolen money to be wired to, the hackers can make those changes on the fly without having to change anything in the Prg Banking Trojan.