Free fraud protection scam delivers financial malware

There are plenty of reasons for the cliche known as FUD (Fear, Uncertainty, Doubt) in the cyberworld. There are a staggering number of threats online, and any number of vendors trying to ease the minds of computer users with security products.

Now, in a new twist on FUD, an online banking Trojan horse first discovered in May 2011 is promising security products in order to gain access to confidential personal information and steal identities and money.

"[The new scam] is both simple and extremely believable -- they are promising online banking fraud protection insurance that is, well, fraudulent," the online security firm Trusteer's senior malware analyst, Ayelet Heyman, wrote in a blog post on Tuesday about Tatanga.

One report said Tuesday that the scam works by "[displaying] a rogue message inside the browser when the victim authenticates on their bank's website, claiming that their bank is offering free credit-card fraud insurance to all customers."

The Tatanga malware affects nine browsers, including Internet Explorer, Mozilla Firefox, Google Chrome, Opera and Safari, and uses social engineering techniques to try to trick victims into bypassing security measures enforced by banks, like one-time passwords (OTPs) or transaction authorization numbers (TANs).

Oren Kedem, director of product marketing for Trusteer, says the new configuration of Tatanga, discovered last week, was initially aimed at customers of a specific bank in Spain, but that its authors may be trying to spread it to customers of other banks. So far, he says, the scam is not aimed at the U.S.

"We don't know where it originated," he says, "but it's fair to assume that the people are Spanish speaking, and familiar with the Spanish banks. There is reason to believe it is coming from that part of the world."

Kedem says he does not know how many customers may have fallen for the scam, but that it may appear credible to customers because it hijacks the browser and then injects a page, or part of a page, that looks to the customer like part of the bank web page.

Since it works when the customer is on the bank's website, it also finds out how much the customer has in his account, and offers free insurance for that amount.

To counter such threats, Kedem says the banks should provide anti-malware services to customers, and says there are "some things they could do on the website side that would detect abnormal behavior."

The most effective way to counter it, however, is making customers more savvy. "Banks need to make customers watch for any change from normal," he says. "They should be suspicious if they see any unsolicited offering, anything that is asking for new information, if the screen changes or if suddenly somebody from the bank is chatting with you. Call the bank and ask if it is genuine."

"The best way to be safe is to be suspicious," he says.
