SpyEye Banking Trojan Automatically Covers Its Fraud
Online crooks have added a devious piece of engineering to the infamous SpyEye banking Trojan that allows it to cover its tracks and keep victims in the dark as it drains their bank accounts.
The new SpyEye variant is attacking targets in the United States and the United Kingdom using the well-known man-in-the-browser method of capturing login credentials with a tactic called HTML injection. HTML injection inserts new fields into a Web page that phish for customers' credentials.
Once bank account details are snatched, the crooks commit the fraud and pocket the funds. Traditionally, most major banks have policies in place to refund victims of electronic fraud and cybercrime. But the new SpyEye Trojan throws a wrench into this safeguard.
After it strikes, "the malware hides ('replaces') the fraudulent transactions in the 'view transactions' page, as well as artificially changing the total fraudulent transaction amount to balance the totals," Amit Klein, CEO of the security firm Trusteer, wrote in a company blog.
So the next time a person logs into his online bank account, even if someone has made off with thousands of dollars, the victim won't know, as his balance will appear normal, and the malware will have deleted all records of the theft.
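Why the doctored page passes the victim's own arithmetic, and what does expose it, shown as an added example that is not from Trusteer or the original article. The amounts, dates and payees are constructed, and the `STATEMENT` record is assumed to come from outside the infected browser (paper statement, ATM or phone banking).

```python
from collections import Counter
from decimal import Decimal

# Constructed sample data: (date, description, amount).
OPENING = Decimal("5000.00")
STATEMENT = [  # assumed out-of-band record, not read through the browser
    ("day-01", "GROCERY STORE", Decimal("-82.15")),
    ("day-02", "OUTGOING TRANSFER (constructed)", Decimal("-3200.00")),
    ("day-03", "PAYROLL", Decimal("1500.00")),
    ("day-05", "OUTGOING TRANSFER (constructed)", Decimal("-1450.00")),
]
# What the tampered 'view transactions' page shows: the two transfers are
# hidden and the balance is raised by the same amount so the totals agree.
VIEW_TXNS = [STATEMENT[0], STATEMENT[2]]
VIEW_BALANCE = Decimal("6417.85")


def total(txns):
    return sum((amount for _, _, amount in txns), Decimal("0"))


def internally_consistent(opening, txns, shown_balance):
    """The check a customer does by eye: do the listed rows add up?"""
    return opening + total(txns) == shown_balance


def reconcile(opening, statement, view_txns, shown_balance):
    """Diff the out-of-band record against the page. A multiset is used so
    legitimate repeated payments (same date, payee, amount) are not merged."""
    missing = Counter(statement) - Counter(view_txns)
    hidden = sorted(missing.elements())
    true_balance = opening + total(statement)
    return {
        "hidden": hidden,
        "hidden_total": total(hidden),
        "true_balance": true_balance,
        "balance_gap": shown_balance - true_balance,
    }


if __name__ == "__main__":
    print("page adds up:", internally_consistent(OPENING, VIEW_TXNS, VIEW_BALANCE))
    report = reconcile(OPENING, STATEMENT, VIEW_TXNS, VIEW_BALANCE)
    for row in report["hidden"]:
        print("missing from page:", row)
    print("displayed balance overstated by", report["balance_gap"])
```

Because the page is rewritten to be self-consistent, only a comparison against a record the malware cannot touch reveals the missing rows and the overstated balance.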
"The deceived customer has no idea that their bank account has been 'taken over,' nor that any fraudulent transactions have taken place," Klein said, adding that it could take months before the bank notices the fraudulent activity.
There are ways of avoiding SpyEye, and its close cousin Zeus, which has been responsible for millions of compromised bank accounts. Start by running up-to-date anti-virus software on your computer, and make sure you log in to your bank's online portal through a secure, encrypted connection.