Array
(
)
Computerworld India News | Cybercriminals Use Online Banking Fraud Automation Techniques | Computerworld.in

Cybercriminals Use Online Banking Fraud Automation Techniques

Lucian Constantin June 27, 2012
Cybercriminals combine traditional banking malware with server-hosted scripts to automate online bank fraud, researchers say.

Cybercriminals attempted to steal at least US$75 million from high-balance business and consumer bank accounts by using sophisticated fraud automation techniques that can bypass two-factor authentication, according to a report released by antivirus firm McAfee and online banking security vendor Guardian Analytics.

The new fraud automation techniques are an advancement over the so-called man-in-the-browser (MitB) attacks performed through online banking malware like Zeus or SpyEye.

Banking malware has long had the ability to inject rogue content such as forms or pop-ups into online banking websites when they are accessed from infected computers. This feature has traditionally been used to collect financial details and log-in credentials from victims that could be abused at a later time.

However, attackers are increasingly combining malware-based Web injection with server-hosted scripts in order to piggyback on active online banking sessions and initiate fraudulent transfers in real time, McAfee and Guardian Analytics researchers said in their report.

LATEST NEWS

Google App Maker aims to ease enterprise development

Google is making it simpler for business to create custom apps. Its new App Maker service lets you integrate apps with Google's services and run them on the same data center infrastructure as its G Suite of productivity software.