Delfigo Security - Strong Authentication


New OddJob Trojan Threatens Financial Institutions

Security firm Trusteer has identified a new trojan, which it has named OddJob, that keeps banking sessions open after customers believe they have logged off. From Trusteer:

We have found a new type of financial malware with the ability to hijack customers’ online banking sessions in real time using their session ID tokens. OddJob, which is the name we have given this Trojan, keeps sessions open after customers think they have “logged off”, enabling criminals to extract money and commit fraud unnoticed. This is a completely new piece of malware that pushes the hacking envelope through the evolution of existing attack methodologies. It shows how hacker ingenuity can side-step many commercial IT security applications traditionally used to defend users' digital - and online monetary - assets. We have been monitoring OddJob for a few months, but have not been able to report on its activities until now due to ongoing investigations by law enforcement agencies. These have just been completed.
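From the bank's side, a session token that is replayed by a second client and stays active after the customer's own browser goes quiet is a visible signal in request logs. The following detector is an added example, not code from Trusteer or this site; the pipe-separated log format, the sample lines and the assumption that the token is replayed from a different IP address or user agent are all constructed for illustration.

```python
from datetime import datetime

# Constructed sample log lines (not real data): time|session_id|client_ip|user_agent|path
SAMPLE_LOG = """\
2011-02-22T10:00:05|sess-A1|198.51.100.7|Firefox/3.6|/login
2011-02-22T10:01:40|sess-A1|198.51.100.7|Firefox/3.6|/accounts
2011-02-22T10:02:10|sess-A1|203.0.113.50|Opera/11.0|/accounts
2011-02-22T10:03:00|sess-A1|198.51.100.7|Firefox/3.6|/statements
2011-02-22T10:09:30|sess-A1|203.0.113.50|Opera/11.0|/transfer
2011-02-22T10:11:00|sess-A1|203.0.113.50|Opera/11.0|/transfer/confirm
2011-02-22T10:00:30|sess-B2|192.0.2.14|MSIE 8.0|/login
2011-02-22T10:04:00|sess-B2|192.0.2.14|MSIE 8.0|/accounts
"""

def parse_line(line):
    """Split one log line into (timestamp, session_id, client fingerprint, path)."""
    ts, sid, ip, ua, path = line.split("|")
    return datetime.fromisoformat(ts), sid, (ip, ua), path

def find_shared_sessions(log_text):
    """Return {session_id: finding} for tokens used by more than one client."""
    events = sorted(parse_line(l) for l in log_text.splitlines() if l.strip())
    owner, owner_last, foreign = {}, {}, {}
    for ts, sid, client, path in events:
        if sid not in owner:
            owner[sid] = client            # assumption: first client seen owns the session
        if client == owner[sid]:
            owner_last[sid] = ts           # last time the legitimate browser was active
        else:
            foreign.setdefault(sid, []).append((ts, client, path))
    findings = {}
    for sid, hits in foreign.items():
        # Requests made by another client after the owner's final request
        after = [h for h in hits if h[0] > owner_last[sid]]
        findings[sid] = {
            "owner": owner[sid],
            "foreign_clients": sorted({h[1] for h in hits}),
            "foreign_requests": len(hits),
            "requests_after_owner_left": [h[2] for h in after],
            "seconds_after_owner_left": (
                (after[-1][0] - owner_last[sid]).total_seconds() if after else 0.0),
        }
    return findings

if __name__ == "__main__":
    for sid, finding in find_shared_sessions(SAMPLE_LOG).items():
        print(sid, finding)
```

A fingerprint change alone also occurs when a customer's network address changes mid-session, so a finding is a reason to require re-authentication before a transfer rather than proof of compromise.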

Information Week also reports that the security firm F-Secure has found that a variant of the financial malware Zeus Mitmo is again active, this time targeting mobile phone customers of ING Bank in Poland.

"Computers infected with a ZeuS Mitmo Trojan will inject a 'security notification' into the Web banking process, attempting to lure the user into providing their phone number," said Sean Sullivan [of F-Secure]. "If a phone number is provided, the user will receive an SMS link pointing to the mobile component, ZeusMitmo.A." Clicking on the link then presents Symbian and BlackBerry users with Zeus Mitmo malware tailored to their smartphone.

The goal of Zeus Mitmo is to create fraudulent transactions using the mobile device while subverting the bank's security procedures. In particular, the malware's mobile component mounts a man-in-the-middle attack that steals the one-time passwords that some banks send via SMS to authorize financial transactions, also known as mobile transaction authentication numbers (mTANs). By hijacking this security verification process, Zeus Mitmo disguises its fraudulent activities from users.