Security firm finds new attack targeting online banking customers
Fraudsters engage in live online chat with victims as account details are stolen
A security firm has uncovered a new form of cyber attack targeting online banking customers that uses live chat from hackers impersonating banking staff.
Trusteer found that the attack uses the Shylock malware platform to execute a Man-in-the-Browser (MitB) sting.
This is a type of browser infection that lets the malware modify web pages, or insert new pages or transactional content between the user and the intended site, without the user noticing: the address bar and session still look legitimate.
"This particular Shylock configuration uses a classic MitB structure with plenty of fake HTML page injections and uses complex external Javascript resources," wrote Amit Klein, Trusteer CTO.
"It specifically targets business/commercial online banking customers," he added.
The following messages appear on the user's screen once the attack is under way:
"The system couldn't identify your PC.
"You will be contacted by a representative of bank to confirm your personality.
"Please pass the process of additional verification otherwise your account will be locked.
"Sorry for any inconvenience, we are carrying about security of our clients."
Klein wrote that these messages are followed by a live online-chat session with the hackers, during which real-time fraud could be attempted.
"This web injection is followed by an elaborate web-chat screen, which is implemented in pure HTML and JavaScript.
"The fraudster [then] engages in a live online chat session with the victim. The session may be used to perform real time fraud by enticing the victim to sign/verify fraudulent transactions that Shylock is initiating in the background."
Trusteer said that this form of attack can be detected by some dedicated security programmes, such as its own, or by banks requiring a form of two-factor authentication before online transactions will be processed.
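The last paragraph points at transaction-level two-factor authentication as a mitigation. The added example below (not code from Trusteer or the article) shows why binding the one-time code to the payee and amount matters against the attack described: a code the victim generates for the transfer shown on the injected screen does not verify the different transfer Shylock submits in the background. The shared secret, nonce and account strings are constructed placeholders; it assumes the customer reads the payee and amount from a separate device display rather than from the infected browser.

```python
import hashlib
import hmac

# Constructed shared secret, standing in for one provisioned into a
# hardware token or authenticator app at enrolment (hypothetical value).
DEVICE_SECRET = bytes.fromhex("00112233445566778899aabbccddeeff")


def transaction_code(secret: bytes, payee: str, amount_cents: int,
                     nonce: str, digits: int = 8) -> str:
    """One-time code bound to the transaction details.

    HMAC-SHA256 over payee|amount|nonce, truncated to `digits` decimal
    digits with the HOTP-style dynamic offset.  Because payee and amount
    are inputs, a code computed for the transfer the victim sees cannot
    authorise a different transfer injected in the background.
    """
    msg = f"{payee}|{amount_cents}|{nonce}".encode()
    mac = hmac.new(secret, msg, hashlib.sha256).digest()
    offset = mac[-1] & 0x0F
    value = int.from_bytes(mac[offset:offset + 4], "big") & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def bank_verify(secret: bytes, submitted_payee: str, submitted_amount: int,
                nonce: str, code: str) -> bool:
    """Bank-side check: recompute the code over what was actually submitted."""
    expected = transaction_code(secret, submitted_payee, submitted_amount, nonce)
    return hmac.compare_digest(expected, code)


def demo() -> dict:
    nonce = "txn-0001"  # constructed; in practice issued by the bank per transaction
    # What the victim sees on the injected page and agrees to confirm:
    shown_payee, shown_amount = "GB00-ACME-SUPPLIES", 12_500
    # What the malware actually submits in the background:
    real_payee, real_amount = "GB00-MULE-ACCOUNT", 980_000
    code = transaction_code(DEVICE_SECRET, shown_payee, shown_amount, nonce)
    return {
        "code": code,
        "legit_accepted": bank_verify(DEVICE_SECRET, shown_payee, shown_amount, nonce, code),
        "fraud_accepted": bank_verify(DEVICE_SECRET, real_payee, real_amount, nonce, code),
    }


if __name__ == "__main__":
    print(demo())
```

A login-time OTP or a code that only covers the session gives no such protection, since the malware can reuse it for whatever it submits.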