Banking Trojan targets live chat

A new strain of financial malware is hijacking live chat sessions in a bid to hoodwink business banking customers into handing over their banking login credentials or into authorising fraudulent transactions, The Register writes.

The attack is carried out using the Shylock malware platform, using a configuration that runs a browser-based man-in-the-middle attack. The assault - which targets business banking customers rather than consumers - kicks in when victims log into their online banking applications.

Sessions are suspended, supposedly to run security checks (on the pretext that the “system couldn't identify your PC”), before a Web-chat screen under the control of hackers is presented to victims, STE Williams reports.

But instead of talking to a customer service rep, the mark is actually chatting to cyber crooks, who will attempt to hoodwink victims into handing over login credentials or other information needed to authorise fraudulent transactions. Unbeknownst to the victims, the fraudsters are relaying authorisation data to the victim's bank during their conversation, carrying out a concurrent fraud in real-time.

“This Web injection is followed by an elaborate Web-chat screen, which is implemented in pure HTML and JavaScript,” Trusteer explains. “Within two to three minutes, if the user's login is valid ... the fraudster engages in a live online chat session with the victim. This exchange is apparently used to gather more information from the victim. The session may even be used to perform real-time fraud by enticing the victim to sign/verify fraudulent transactions that Shylock is initiating in the background.”