Devious Trojan Attacks Online Banks

A new Trojan called “W32.Silon” is the latest headache for online banks and their customers, packing a one-two punch that helps it evade security tokens and steal customer log-in information at the same time.

The two-headed Trojan, according to online security software vendor Trusteer, uses a “two-pronged payload” to steal log-in information and commit financial fraud at popular online banks.

“This new Trojan illustrates how advanced malware writers have become in their ability to dynamically execute multiple, bank-specific attacks with a single piece of software,” Amit Klein, CTO and chief researcher at Trusteer, said in a statement. “The level of sophistication built into W32.Silon is concerning, as is its focus on circumventing strong authentication systems like card and PIN readers.”

W32.Silon is a new malware variant that intercepts Internet Explorer Web browser sessions and has been associated with fraud incidents at several large banks, according to Trusteer researchers.

To steal user credentials, W32.Silon performs its initial attack when a user begins a Web log-in session and enters his username and password. The malware intercepts the log-in POST request, encrypts the requested data and sends it to a command-and-control (C&C) server.

When it targets users of online banking applications that are protected by transaction authentication devices such as tokens or banking card readers, W32.Silon waits until the user has logged in and then injects dynamic HTML code into the log-in flow between the user and the bank’s Web server.

First, the malware presents authentic-looking Web pages that appear to be from the bank asking users to employ their transaction authentication device. Next, the user is asked to enter information from the device into the Web page.

This information is then used by the criminals to execute fraudulent transactions on behalf of the user, Trusteer said.

“We have put all of our banking customers on alert, and are attempting to get the word out with this advisory,” Klein said.

The sophistication of online scams has evolved to a point where watchdogs organizations such as the Anti-Phishing Working Group (APWG) have created an entirely new category for defining and quantifying attacks on financial institutions.

The group now defines “crimeware” as code designed to attack the data held by financial institutions.

“Due to evolution of attack sophistication, it is becoming increasingly difficult to separate and report on attacks that are specifically designed to steal customer banking information,” Dan Hubbard, Websense’s CTO, said earlier this month. “Additionally, attacks that only [look] for credentials from popular social networking, Webmail and gaming sites can lead to attacks for banking theft and crimeware.”

Trusteer advises online banking customers to be especially vigilant when conducting transactions online and to visit its Web site for help detecting and removing the W32.Silon Trojan.

Article courtesy of InternetNews.com.

RELATED NEWS AND ANALYSIS

• Huawei’s AI Update: Things Are Moving Faster Than We Think

  FEATURE |  By Rob Enderle,
  December 04, 2020

• Keeping Machine Learning Algorithms Honest in the ‘Ethics-First’ Era

  ARTIFICIAL INTELLIGENCE |  By Guest Author,
  November 18, 2020

• Key Trends in Chatbots and RPA

  FEATURE |  By Guest Author,
  November 10, 2020

• Top 10 AIOps Companies

  FEATURE |  By Samuel Greengard,
  November 05, 2020

• What is Text Analysis?

  ARTIFICIAL INTELLIGENCE |  By Guest Author,
  November 02, 2020

• How Intel’s Work With Autonomous Cars Could Redefine General Purpose AI

  ARTIFICIAL INTELLIGENCE |  By Rob Enderle,
  October 29, 2020

• Dell Technologies World: Weaving Together Human And Machine Interaction For AI And Robotics

  ARTIFICIAL INTELLIGENCE |  By Rob Enderle,
  October 23, 2020

• The Super Moderator, or How IBM Project Debater Could Save Social Media

  FEATURE |  By Rob Enderle,
  October 16, 2020

• Top 10 Chatbot Platforms

  FEATURE |  By Cynthia Harvey,
  October 07, 2020

• Finding a Career Path in AI

  ARTIFICIAL INTELLIGENCE |  By Guest Author,
  October 05, 2020

• CIOs Discuss the Promise of AI and Data Science

  FEATURE |  By Guest Author,
  September 25, 2020

• Microsoft Is Building An AI Product That Could Predict The Future

  FEATURE |  By Rob Enderle,
  September 25, 2020

• Top 10 Machine Learning Companies 2020

  FEATURE |  By Cynthia Harvey,
  September 22, 2020

• NVIDIA and ARM: Massively Changing The AI Landscape

  ARTIFICIAL INTELLIGENCE |  By Rob Enderle,
  September 18, 2020

• Continuous Intelligence: Expert Discussion [Video and Podcast]

  ARTIFICIAL INTELLIGENCE |  By James Maguire,
  September 14, 2020

• Artificial Intelligence: Governance and Ethics [Video]

  ARTIFICIAL INTELLIGENCE |  By James Maguire,
  September 13, 2020

• IBM Watson At The US Open: Showcasing The Power Of A Mature Enterprise-Class AI

  FEATURE |  By Rob Enderle,
  September 11, 2020

• Artificial Intelligence: Perception vs. Reality

  FEATURE |  By James Maguire,
  September 09, 2020

• Anticipating The Coming Wave Of AI Enhanced PCs

  FEATURE |  By Rob Enderle,
  September 05, 2020

• The Critical Nature Of IBM’s NLP (Natural Language Processing) Effort

  ARTIFICIAL INTELLIGENCE |  By Rob Enderle,
  August 14, 2020