A new attack against online banking customers uses a malware platform to trick its victims into verifying bogus transactions.
The attack, first described by Trusteer CTO Amit Klein, waits for an unsuspecting business banking customer to log online before telling them that “security checks” need to be performed.
At the same time, Klein claims attackers have meshed Man in the Browser techniques with phishing abilities and the Shylock malware platform to hijack accounts in real time. By asking users to sign off on fake transactions in the background, customers are duped without even knowing it.
As we’ve seen, attackers have hijacked live chat screens before – in particular cases those purporting to be tech support – but in 2012, they appear to be exploiting malware to form a more multi-pronged attack.
For more on this, head to Trusteer.