Ice IX banking Trojan steals info that enables fraudsters to hijack phone calls
Trusteer discovered Ice IX configurations that extract telephone account numbers from victims
IDG News Service - New variants of the Ice IX online banking Trojan program are tricking victims into exposing their telephone account numbers so that fraudsters can divert post-transaction verification phone calls made by banks to phone numbers under their control, researchers from security vendor Trusteer warned.
Ice IX is a modified version of ZeuS, one of the most successful and sophisticated online banking Trojans to date. Like its parent, Ice IX has the ability to manipulate the content displayed in browsers used by its victims and inject rogue Web forms into online banking websites.
The rogue forms are usually used to extract online banking credentials along with other security information like secret questions/answer pairs and date of birth. However, new Ice IX configurations analyzed by Trusteer researchers also display forms that ask victims for their telephone account numbers, a piece of information used by telephone companies to verify the identity of their subscribers.
"The victim is asked to update their phone numbers on record (home, mobile and work) and select the name of their service provider from a drop-down list," Trusteer's CTO Amit Klein said in a blog post. "In this particular attack, the three most popular phone service providers in the UK are presented: British Telecommunications, TalkTalk and Sky."
The Trojan then asks victims to input their telephone account number under the pretext of a malfunction of the bank's anti-fraud system with its landline phone service provider. U.S. online banking customers are also targeted, Klein said.
Trusteer suspects that this information is used by fraudsters to access the telecom operator's self-service center and enable call forwarding for the victims' phone numbers without their knowledge. However, the security company doesn't have access to any data proving that such an attack has occurred, Klein said in an email.
The existence of dedicated caller services contracted by cybercriminals to impersonate bank customers and confirm fraudulent transactions can serve as indication that fraudsters need to have post-transaction verification phone calls forwarded to numbers of their choosing.
"Fraudsters are increasingly turning to these post-transaction attack methods to hide fraudulent activity from the victim and block email and phone communication from the bank," Klein said. "This allows attackers to circumvent security mechanisms that look for anomalies once transactions have already been executed by the user."
- Radicati: Cloud Business Email - Market Quadrant 2013 Google was named the top cloud business email provider in a recent report by research firm Radicati. Out of 14 key players, Google...
- Tablets in the Enterprise: A Checklist for Successful Deployment How can you enterprise manage and secure tablets in order to protect corporate data while providing access to the information and applications employees...
- Enterprise Mobility: A Checklist for Secure Containerization The advantages and disadvantages of the multiple approaches to containerization. Learn More>>
- Enterprise File Sync & Share Checklist File sync and share has changed the way people work and collaborate in today's tech-savvy world. Gone are the email roadblocks, clunky FTP...
- Live Webcast LIVE EVENT: 5/7, The End of Data Protection As We Know It. Introducing a Next Generation Data Protection Architecture. Traditional backup is going away, but where does this leave end-users?
- LIVE EVENT: 5/7, The End of Data Protection As We Know It. Introducing a Next Generation Data Protection Architecture. Traditional backup is going away, but where does this leave end-users?
- On-demand webinar: "Mobility Mayhem: Balancing BYOD with Enterprise Security" Check out this on-demand webinar to hear Sophos senior security expert John Shier deep dive into how BYOD impacts your enterprise security strategy... All Security White Papers | Webcasts