bank


A long time ago, I posted a video showing how to control Zitmo (the mobile component of ZeuS). It turns out you can (nearly) do exactly the same with Emmental. If you are not aware of Operation Emmental, please jump to this excellent white paper. So, basically, this operation aims at compromising bank accounts, in particular (but not limited to) Swiss banks - where the naming Emmental comes from. Like ZeuS and Zitmo, or SpyEye and Spitmo, Emmental compromises the victim's PC and installs a trojan spyware on the Android phone. The scenario is well... [Read More]
by RSS Axelle Apvrille  |  Oct 21, 2014  |  Filed in: Security Research
We recently had a company contact us regarding an email they received from their bank. The company's access to its online banking account was blocked by its bank due to fraudulent activity observed through the account. A screenshot of the email received can be seen below. What I found extremely strange and suspicious about the email, and set the alarm bells ringing in my head, was the fact that the email contained 5 zip-compressed images as attachments. After going through it a second time, even the Anti-Virus link started to feel suspicious. Even... [Read More]
by RSS Ruchna Nigam  |  Jul 30, 2012  |  Filed in: Security Research
Yes, you have probably heard the news: a new variant of Spitmo - Zitmo/ZeuS's counterpart for SpyEye, which previously targeted Symbian phones only - has recently been spotted on Android. The scenario is the same as before: a victim, browsing on a PC infected with SpyEye, logs in her bank's website. SpyEye injects forms and elements directly into the webpages she is viewing, so as to lure her into installing a fake security application on her phone, thinking it's required by the bank. That application actually intercepts SMS messages - especially... [Read More]
by RSS Axelle Apvrille  |  Sep 16, 2011  |  Filed in: Security Research
Zitmo has been used by the ZeuS gang to defeat SMS-based banking two-factor authentication on Symbian, BlackBerry and Windows Mobile for a several months (see my ShmooCon slides). Lately, there's been an active discussion on technical forums regarding ZeuS targetting Android users. We finally managed to get our hands on the mobile sample the ZeuS PC trojans are propagating. Actually, it is not a new sample and has been detected under several names (Android.Trojan.SmsSpy.B, Trojan-Spy.AndroidOS.Smser.a, Andr/SMSRep-B), but it is far more scary when... [Read More]
by RSS Axelle Apvrille  |  Jul 08, 2011  |  Filed in: Security Research