During the customer's first banking session after their computer is infected, the Eurograbber malware injects instructions into the session that prompt the customer to enter their mobile phone number. At that point, the victim is told to complete a fake "banking software security upgrade" by following instructions sent to their mobile device via SMS. The attacker's SMS instructions tell the victim to click on a link to complete a "security upgrade" on their mobile phone. However, "clicking on the link actually downloads a variant of 'ZeuS in the mobile' (ZITMO) Trojan," the report says. "The ZITMO variant is specifically designed to intercept the bank's SMS containing the all-important 'transaction authorization number.'"
This TAN is the key element in the bank's two-factor authorization process for an online banking transaction. Once the Eurograbber Trojan on the victim's mobile device intercepts it, the malware works silently in the background, under the control of the crime organization, to complete a transaction that transfers money out of the victim's bank account to wherever the criminals want.
Burkey said Eurograbber mobile Trojans were identified for Android, BlackBerry and Symbian devices, as well as for jailbroken iPhones, in which the Apple iOS security controls have been disabled. Although so far Eurograbber appears not to have been used as an online banking attack outside of Europe, "there's no reason it couldn't happen here," said Burkey.
Ellen Messmer is senior editor at Network World, an IDG publication and website, where she covers news and technology trends related to information security. Twitter: @MessmerE. Email: email@example.com.