RealTime IT News

Eurograbber Nabs $47 Million with Multi-Layered Mobile SMS Attack

The Eurograbber Trojan infects users by a variety of different means, including malicious links and drive-by JavaScript download script injection. When an infected user goes to a bank website, the Trojan injects code into the session that alerts the user to follow or click a specific link.

"The bank customer has some level of comfort because they initiated the activity by going to their banking website, which is where the alert popped up," Burkey said. "The Trojan requests that the user provides their mobile phone number in order to complete a required upgrade."

A user who falls for the ruse and provides the mobile phone number will then receive an SMS on their phone, purportedly from their bank. That SMS directs the user to click a link which downloads a Zeus mobile Trojan.

"At that point the user is basically owned, and the next time they access their bank account the attack initiates a transaction to transfer money out of the account to the attacker's account," Burkey said.

The Eurograbber attack was discovered by Check Point and security vendor vendor Versafe after their customers were hit by the attack. Eyal Gruner, security engineer at Versafe, told eSecurity Planet that when the Eurograbber attempted to inject code into a banking website used by customers of theirs, an alert was triggered.

Read the full story at eSecurity Planet:
Inside Eurograbber: How SMS Was Used to Pilfer Millions

Sean Michael Kerner is a senior editor at InternetNews.com, the news service of the IT Business Edge Network, the network for technology professionals Follow him on Twitter @TechJournalist.