New malware empties bank accounts!
ESET researchers have discovered a new piece of banking malware, BackSwap, which uses an unusual technique to bypass the special protection measures of popular browsers.
The malware, which ESET detects and blocks as Win32/BackSwap.A, attacks through Google Chrome and Mozilla Firefox, and in recent releases its creators added the ability to attack Internet Explorer as well.
BackSwap spreads through spam email targeting users in Poland. The emails carry an attached JavaScript downloader. The downloader, which comes from the Nemucod malware family, has been obfuscated.
After entering the system through the browser, BackSwap waits to detect banking activity and takes action if the amount of a bank transfer falls within a certain range, usually targeting payments between 10,000 and 20,000 zlotys in Poland (about 2,800-5,600 US dollars). It then inserts malicious JavaScript into the website, either through the browser's JavaScript console or directly through the address bar.
All of this is done without the user's knowledge. It is a seemingly simple trick that nevertheless manages to fool advanced browser protection mechanisms, which were developed to counter more complex attacks.
As Michal Poslušný, Malware Researcher at ESET, notes:
“Win32/BackSwap.A shows us that in the ongoing battle between the security industry and banking malware, new malicious techniques do not necessarily have to be very sophisticated to be effective. We believe that, as browsers are better protected from modern attacks, malware developers will attack the browsers in different formats, and Win32/BackSwap.A may prove that.”
ESET has notified the developers of the affected browsers about the innovative method that BackSwap uses, and ESET's solutions detect and block the malware.
Source: www.euro2day.gr