Akamai: Surge in hackers using complex crimeware to drain money from online bank accounts

There is an increase in the use of complex crimeware that gathers the passwords of online customers at specific banks and automatically transfers funds out of their accounts, according to Akamai's security group.

The surge is being aided by a tool called Yummba webinject, which generates pop-up injects during legitimate banking sessions that ask for usernames and passwords, says Akamai's Prolexic Security Engineering & Response Team (PLXsert) in a threat advisory. The phony dialog boxes mimic the look and feel of the genuine bank Web pages, using the logos, colors and fonts of the legitimate site.

Yummba webinject is being used in concert with other malware to present the pop-ups, send stolen credentials to command and control servers, steal information about account balances and automatically transfer funds to accounts controlled by criminals, the advisory says. While this type of initial attack is not uncommon, automating the theft of funds represents another level of sophistication, Akamai says.

The Yummba webinjects are meant to be used in tandem with the Automatic Transfer System Engine (ATSEngine), which allows injecting content into Web sites and automatically transferring funds out of compromised accounts. The ATSEngine also easily updates malware configurations without having to reinfect the attacked machines.

PLXsert identified more than 100 companies for which custom versions of this attack have been written and that are being sold on the malware black market. The most targeted companies are larger financial institutions in North America and Europe.

Akamai believes Yummba is written by a Russian individual or group. It has been distributed as elements in larger crimeware packages including Zeus, SpyEye and KINS, PLXsert says.

To lessen the threat of being victimized, users can try anti-virus software and deep packet inspection tools that look for malware signatures, although variants of the attacks could slip by, Akamai says.

Blocking outbound URLs known to service the attacks could help mitigate losses. Training users in how to recognize phishing attacks can also reduce the number of machines that these attacks are successful against. Endpoint security such as group policy objects, software restriction policies and Enhanced Mitigation Experience Toolkit for Windows machines can help, too, Akamai says.
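The outbound-URL blocking that Akamai recommends is easiest to check against web proxy logs. The script below is an added example, not code from Akamai or the advisory: it parses constructed proxy log lines, extracts the destination hostname from each URL, and flags any request whose host (or parent domain) appears on a blocklist. The blocklist entries, log lines and the `.invalid`/`.test` domains are placeholders I constructed for the example; a real deployment would load indicators from a threat-intelligence feed and read the proxy's actual log format.

```python
"""Flag outbound web requests whose destination host is on a C2 blocklist.

Added example, not from Akamai's advisory. All indicators and log lines
are constructed placeholders, not real indicators of compromise.
"""
import re
from urllib.parse import urlsplit

# Constructed placeholder indicators (hypothetical). In practice, load these
# from a maintained feed of hosts known to service the attacks.
BLOCKLIST = {
    "c2-example.invalid",
    "panel.webinject-example.invalid",
}

# Constructed proxy log lines in a simple "timestamp client method url status"
# layout, similar to a trimmed Squid access log.
SAMPLE_LOG = """\
1415000001.123 10.0.0.15 GET https://www.examplebank.test/login 200
1415000002.456 10.0.0.15 POST http://c2-example.invalid/gate.php 200
1415000003.789 10.0.0.22 GET http://cdn.examplebank.test/logo.png 200
1415000004.012 10.0.0.22 GET http://sub.panel.webinject-example.invalid/cfg.bin 200
1415000005.345 10.0.0.31 GET http://c2-example.invalid:8080/ 403
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<client>\S+)\s+(?P<method>\S+)\s+(?P<url>\S+)\s+(?P<status>\d+)$"
)


def host_of(url):
    """Return the lowercase hostname of a URL, with any port stripped."""
    return (urlsplit(url).hostname or "").lower()


def is_blocked(host, blocklist=BLOCKLIST):
    """True if the host itself or any parent domain is on the blocklist.

    Matching parent domains catches subdomains spun up under a listed
    C2 domain without requiring every variant to be listed individually.
    """
    labels = host.split(".")
    for i in range(len(labels)):
        if ".".join(labels[i:]) in blocklist:
            return True
    return False


def parse_line(line):
    """Parse one log line into a dict, or None if it does not match the layout."""
    m = LINE_RE.match(line)
    return m.groupdict() if m else None


def find_c2_hits(log_text, blocklist=BLOCKLIST):
    """Return (client, host, url) tuples for every request to a blocklisted host."""
    hits = []
    for line in log_text.splitlines():
        rec = parse_line(line.strip())
        if rec is None:
            continue  # skip malformed lines rather than abort the scan
        host = host_of(rec["url"])
        if host and is_blocked(host, blocklist):
            hits.append((rec["client"], host, rec["url"]))
    return hits


def infected_clients(log_text, blocklist=BLOCKLIST):
    """Sorted list of client addresses that contacted any blocklisted host."""
    return sorted({client for client, _, _ in find_c2_hits(log_text, blocklist)})


if __name__ == "__main__":
    for client, host, url in find_c2_hits(SAMPLE_LOG):
        print(f"ALERT {client} -> {host} ({url})")
    print("clients to investigate:", infected_clients(SAMPLE_LOG))
```

Note that the request on the last sample line was already denied by the proxy (status 403) but is still reported: a blocked attempt is itself evidence that the client is infected, which is why the alerting logic looks at the destination rather than the status code.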
