Eurograbber Nabs $47 Million with Multi-Layered Mobile SMS Attack
Page 1 of 1
"The bank customer has some level of comfort because they initiated the activity by going to their banking website, which is where the alert popped up," Burkey said. "The Trojan requests that the user provides their mobile phone number in order to complete a required upgrade."
A user who falls for the ruse and provides the mobile phone number will then receive an SMS on their phone, purportedly from their bank. That SMS directs the user to click a link which downloads a Zeus mobile Trojan.
"At that point the user is basically owned, and the next time they access their bank account the attack initiates a transaction to transfer money out of the account to the attacker's account," Burkey said.
The Eurograbber attack was discovered by Check Point and security vendor vendor Versafe after their customers were hit by the attack. Eyal Gruner, security engineer at Versafe, told eSecurity Planet that when the Eurograbber attempted to inject code into a banking website used by customers of theirs, an alert was triggered.