Banking trojans caught in the wild…a threat to secure online banking

Why you need a secure browser. 

Whilst this recent tale of a misunderstood cybercriminal in the underworld makes for entertaining reading, it is important news to every business and their bank accounts.

In March 2017, after stumbling badly through the various tests put in front of new forum sellers to validate their intentions, one particular malware author calling himself Goysa responded quite unusually, appearing to panic and dump all of his code online—essentially giving his malware away for free.

The malware, it turns out, is quite legitimate (that is, genuinely functional rather than a scam listing), and researchers believe we will soon see it used in attacks against banking customers.

Back in December 2016, Goysa joined the trading forums spruiking it as new malware called NukeBot—“a Zeus-like banking trojan”. Zeus is one of the most notorious pieces of malware developed in recent years, wreaking havoc through the mid-2000s and stealing vast sums of money for its mysterious owner.

The unconventional story of NukeBot’s discovery, and its similarities to Zeus, turned heads in the cyber security and research community.

NukeBot appears to have a range of impressive capabilities, which, like Zeus, enable it to be used in lots of different ways to carry out attacks. With the source code now dumped, other hackers can easily borrow it to repackage and re-distribute NukeBot as their own new malware.

Antivirus software can often take a while to detect new malware, and most do not currently detect NukeBot (or the aliases of other related malware) at all.

One of the interesting features identified in NukeBot is its support for what is called a “Man-in-the-Browser” attack. This kind of malware feature was prominent during the mid-2000s (around the time of Zeus), and its probable resurgence through examples such as NukeBot should be cause for worry.

In particular, for online banking users, it is a highly effective attack which can quickly achieve direct access to your money. It’s difficult to detect and difficult to prevent. It’s also particularly good for getting around the modern encryption and two-factor authentication methods used to secure banking websites.

A clean, secure browser will avoid such attacks, but it’s nearly impossible to be sure if you really have a clean browser, and it’s much too late when you find your money gone. To our knowledge BankVault is the best solution in the marketplace today, for ensuring a new, pristine and safe browser every time you need one.

About Man in the Browser attacks

The name “Man-in-the-Browser” describes an attack approach built around intercepting or interfering with your data as it travels between your computer and the bank.

There’s a variety of “Man-in-the-…” kinds of attacks, depending on where in the process The Man is trying to access your data. The most common form, Man-in-the-Middle, involves an attacker literally playing the role of a data middle-man when a victim logs onto a secure website like online banking. In the most well-known example of this, the attacker will access data travelling across free public Wi-Fi, and the victim essentially exposes all their password and logon information as it passes by.

Although effective and relatively easy to carry out, an attacker using the Man-in-the-Middle method needs to be physically nearby to tap into your Wi-Fi connection. This limits the feasibility of carrying out such an attack on lots of people.

The Man-in-the-Browser (MitB) method, on the other hand, uses malware to infect your internet browser. This is an important difference for a number of reasons. Firstly, it means it can readily scale to target thousands of people, without the attacker needing to leave home.

Secondly, because the malware targets your internet browser, it gains access to your data before it is encrypted for transmission to the bank—negating the central security mechanism used by the majority of websites on the internet.

Finally, it can also be cleverly used to circumvent many of the other common security techniques used by websites, including two-factor authentication, and it doesn’t give away any of the common security tells which would attract suspicion from you, your antivirus software, or the bank, for example if you were redirected to a fake website.

From the attacker’s point of view, MitB methods provide good options for stealing information and money, and depending on how they set it up, can allow them to interfere with the way your browser displays your online banking session in real time, such as adding extra fields for you to enter passwords, or at the bank’s end by adding charges to your transaction or diverting your funds without anything seeming amiss to you or the bank.
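The “extra fields” inject described above is something a bank’s own page script can at least look for: it snapshots the login form the user actually sees and compares it against the field set the bank shipped. The following is an added example written for this page, not BankVault’s or any bank’s real code; the form shape, the origin `bank.example` and the sample forms are all constructed for illustration.

```javascript
// Added example: a client-side integrity check of the kind a bank's own page
// script can run to notice a Man-in-the-Browser web inject. It compares the
// login form the user actually sees against the field set the bank shipped.
// The form objects, the origin and the field names below are constructed for
// this example; they are not BankVault's or any bank's real code.

// Expected shape of the genuine login form (assumed for the example).
const EXPECTED_FORM = {
  action: "https://bank.example/login", // where the form is allowed to submit
  fields: [
    { name: "username", type: "text" },
    { name: "password", type: "password" },
    { name: "csrf", type: "hidden" },
  ],
};

// Take a snapshot of a form-like object. Works on a real HTMLFormElement
// (form.action, form.elements) and on the plain stubs used below.
function snapshotForm(form) {
  const elements = Array.from(form.elements);
  return {
    action: String(form.action),
    fields: elements
      .filter((el) => el.name) // ignore unnamed submit buttons etc.
      .map((el) => ({ name: el.name, type: String(el.type || "").toLowerCase() })),
  };
}

// Compare the live snapshot against the expected shape and report anomalies.
// Returns { ok, findings } where findings is a list of human-readable strings.
function checkFormIntegrity(snapshot, expected = EXPECTED_FORM) {
  const findings = [];
  const expectedByName = new Map(expected.fields.map((f) => [f.name, f]));
  const seen = new Set();

  // 1. The submission target must still be the bank's own endpoint.
  let actionUrl;
  try {
    actionUrl = new URL(snapshot.action);
  } catch (e) {
    findings.push(`unparseable form action: ${snapshot.action}`);
  }
  if (actionUrl) {
    const want = new URL(expected.action);
    if (actionUrl.origin !== want.origin || actionUrl.pathname !== want.pathname) {
      findings.push(`form action changed to ${actionUrl.href}`);
    }
  }

  // 2. Every field present must be one the bank shipped, with the same type.
  for (const f of snapshot.fields) {
    const exp = expectedByName.get(f.name);
    if (!exp) {
      // An injected box asking for a second password, PIN or OTP is the
      // classic "extra field" web inject.
      const label = f.type === "password" ? "injected secret-entry field" : "unexpected field";
      findings.push(`${label}: ${f.name} (${f.type})`);
    } else if (exp.type !== f.type) {
      findings.push(`field ${f.name} type changed ${exp.type} -> ${f.type}`);
    }
    seen.add(f.name);
  }

  // 3. Nothing the bank shipped may be missing (for example a removed CSRF token).
  for (const name of expectedByName.keys()) {
    if (!seen.has(name)) findings.push(`missing field: ${name}`);
  }

  return { ok: findings.length === 0, findings };
}

// Constructed sample forms standing in for entries of document.forms.
const CLEAN_FORM = {
  action: "https://bank.example/login",
  elements: [
    { name: "username", type: "text" },
    { name: "password", type: "password" },
    { name: "csrf", type: "hidden" },
    { name: "", type: "submit" },
  ],
};

// The same form after a (constructed) web inject: an extra "transaction PIN"
// password box added and the CSRF token removed.
const INJECTED_FORM = {
  action: "https://bank.example/login",
  elements: [
    { name: "username", type: "text" },
    { name: "password", type: "password" },
    { name: "txn_pin", type: "password" },
    { name: "", type: "submit" },
  ],
};

if (typeof require !== "undefined" && require.main === module) {
  console.log(checkFormIntegrity(snapshotForm(CLEAN_FORM)));
  console.log(checkFormIntegrity(snapshotForm(INJECTED_FORM)));
}
```

In a real deployment the findings would be sent to the bank as a telemetry beacon and used for fraud scoring rather than acted on locally, because malware that already controls the browser can just as easily strip or alter the check itself. That limitation is exactly the point the next paragraph makes: the bank can raise the attacker’s cost, but it cannot secure the customer’s browser from the server side.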

It’s simply not possible for a bank to secure against this kind of attack because it’s out of their reach. As a businessperson, you need to take control of your end of the process. Ask the people who work to protect you about the difficulties of protecting transactions, and they’ll all focus on the end user and their computer, not the bank.

BankVault gives you that confidence and control of the parts of the process banks can’t secure for you.
