Malware Targets Online Banking

Uploaded on 2018-06-21 in NEWS-Cybersecurity News, GOVERNMENT-Law Enforcement, FREE TO VIEW, BUSINESS-Services-Financial

After noticing a browser extension communicating with a suspicious domain, researchers analysed the Google Chrome extension named Desbloquear Conteudo (unblock content) and found that it was a rare banker malware. The extension, identified as HEUR:Trojan-Banker.Script.Generic, has now been removed from Chrome Web Store. 

According to Kaspersky Lab security researcher Vyacheslav Bogdanov the man-in-the-middle (MitM) extension for Chrome was targeting users of Brazilian online banking services with the goal of collecting user logins and passwords in order to pilfer their savings.

MitM attacks redirect the victim’s web traffic to a spoof website. While the target is under the impression they are connected to a legitimate site, the flow of traffic to and from the real bank site is actually being redirected through an attacker's site so that the criminal can harvest the personal data they are after.

What's interesting about this particular extension is that the developers made no effort to obfuscate its source code. 
Instead, they opted for a MitM attack using "the WebSocket protocol for data communication, making it possible to exchange messages with the C&C [command-and-control] server in real time. This means the C&C starts acting as a proxy server to which the extension redirects traffic when the victim visits the site of a Brazilian bank."

This particular extension used the Proxy Auto Configuration technology, which enabled additional functions beyond the one written in JavaScript for most modern browsers. 

The FindProxyForUrl function was replaced with a new task that redirected traffic from the Brazilian bank to the malicious server. Attackers added malicious code to the webpage using cef.js script in order to intercept the user’s one-time password.
Because the malware was targeting Brazilian users, Bogdanov suggested that the browser extension had the additional function of adding crypto-currency mining scripts to the banking sites users visited.

“Browser extensions aimed at stealing logins and passwords are quite rare in comparison to adware extensions, but given the possible damage that they can cause, it is worth taking them seriously. 

“We recommend choosing proven extensions that have a large number of installations and reviews in the Chrome Web Store or other official services. After all, despite the protection measures taken by the owners of such services, malicious extensions can still penetrate them,” Bogdanov said.

Infosecurity-Magazine

You Might Also Read:

Banks Around The World Hit With Fileless Malware:

Stealthy Malware Is Going Mainstream:

 

« Saudi Commission Signs Deal To Boost Cybersecurity Education
Munich Airport Receives Accreditation For Cybersecurity Training »

ManageEngine
CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

Tines

Tines

The Tines security automation platform helps security teams automate manual tasks, making them more effective and efficient.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

ESET

ESET

ESET provide security software for enterprises and consumers - Antivirus Software, Internet Security and Virus Protection.

Potomac Institute for Policy Studies

Potomac Institute for Policy Studies

Potomac Institute undertakes research on key science, technology, and national security issues facing society, Study areas include cybersecurity.

Ikerlan

Ikerlan

Ikerlan is an R&D technology centre specialising in areas including embedded systems, industrial automation and industrial cybersecurity.

Seric Systems

Seric Systems

Seric is a technology business specialising in security, infrastructure and data management.

DataArt

DataArt

DataArt is a global technology consultancy that designs, develops and supports unique software solutions. Areas of activity include software security testing.

OpenZeppelin

OpenZeppelin

OpenZeppelin builds developer tools and performs security audits for distributed systems that power multimillion-dollar economies.

TechForing

TechForing

TechForing Ltd. works for business organization's cyber security and cyber crime incident managements. We help business to secure their business online.

ACSG Corp

ACSG Corp

ACSG Corp is a Critical Infrastructure Protection Company with a multi-disciplinary focus on building analytics software for various industry sectors.

Extreme Networks

Extreme Networks

Since 1996, Extreme has been pushing the boundaries of networking technology, driven by a vision of making it simpler and faster as well as more agile and secure.

Blattner Technologies

Blattner Technologies

Blattner Technologies mission is to be the leading provider of predictive transformation services and tools in the Data Analytics, Artificial Intelligence and Machine Learning industry.

IT-Schulungen.com / New Elements GmbH

IT-Schulungen.com / New Elements GmbH

Under the name IT-Schulungen.com, the Nuremberg-based New Elements GmbH has been operating one of the largest training centres in the German-speaking world for over 20 years.

XBOW

XBOW

XBOW brings AI to offensive security, augmenting the work of bug hunters and security researchers.

CSIRT-Gnd

CSIRT-Gnd

CSIRT-Gnd provides 24x7 Computer Security Incident Response Services to citizens, companies and government agencies in Grenada.

itm8

itm8

itm8 is a Nordic digital transformation partner offering a wide range of services in IT operations and Cloud Services, Digital Transformation, Application Services, ERP, and Cyber Security.

Clutch Security

Clutch Security

Clutch Security are on a mission to secure all Non-Human Identities. Everywhere.

The Nu-Age Group

The Nu-Age Group

The Nu-Age Group is a technology services firm that specializes in managed IT services, cybersecurity, Cloud solutions, and strategic IT consulting.