'Eurograbber' online banking scam netted $47 million

By , Network World |  Security, cybercrime

Over the past year, about 30,000 European banking customers were robbed of about 36 million euros -- that's about $47 million -- in an online banking scam that worked by exploiting mobile devices, according to security firms that stumbled into the operation.

The scam has been dubbed Eurograbber by Check Point Software Technologies and Versafe, which say they found out about the operation through financial institutions they know after their online banking customers were hit. Eurograbber typically worked by tricking victims into downloading a customized variant of the Zeus Trojan, which then took control of their computers and intercepted online banking sessions. Getting infected with the Eurograbber Trojan could occur during Internet browsing or falling for a phishing email, said Darrell Burkey, director of IPS products at Check Point Software Technologies, which worked with Israeli-based Versafe to help investigate Eurograbber. 

TECH ARGUMENT: Apple iOS vs. Google Android

"It's basically a man-in-the-middle attack against a bank site," said Burkey, adding that the scam is believed to be a crime operation out of the Ukraine, whose command-and-control servers were recently disrupted by European law enforcement with ISP cooperation.

Eurograbber was first detected in Italy, then spread in Germany, Holland and Spain, and hit both commercial accounts as well as those of individual consumers at about 30 banks, according to Check Point and Versafe, which today published a report about how Eurograbber worked.

Eurograbber was able to illegally transfer funds out of customers' accounts in amounts that ranged from 500 to 250,000 euros. And though there has been much bank-related fraud in the past few years, Eurograbber struck the security firms as notable in how it overcame bank security measures based on sending a so-called transaction authentication number (TAN) via SMS to the customer's mobile device. The TAN is a security measure via SMS intended to allow the bank customer to verify the online banking transaction is one they indeed have authorized -- but Eurograbber compromises that, too.

Originally published on Network World |  Click here to read the original story.
Join us:






Answers - Powered by ITworld

ITworld Answers helps you solve problems and share expertise. Ask a question or take a crack at answering the new questions below.

Ask a Question