We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message
80,259 News Articles

Zeus Trojan intercepting bank text messages

ING customers in Poland targeted by malware

A version of the Zeus malware that intercepts one-time passcodes sent by SMS (Short Message Service) is targeting customers of the financial institution ING in Poland.

The security vendor F-Secure blogged on Monday about the issue, which was analysed on the website of security consultant Piotr Konieczny. F-Secure wrote that it appears to be the same style of attack found by the Spanish security company S21sec last September, which marked a disconcerting evolution in Zeus, one of the most advanced banking Trojans designed to steal passwords.

Zeus has changed its tactics, since some banks are now using one-time passcodes sent by SMS to authorise transactions performed on a desktop machine. First, attackers infect a person's desktop or laptop. Then, when that person logs into a financial institution such as ING, it injects HTML fields into the legitimate web page.

Those fields ask for a person's mobile phone number and the model of their phone. When that information is entered, the attacker sends an SMS leading to a website that will install a mobile application that intercepts SMSes and forwards messages to another number controlled by the attackers. The Zeus mobile component will work on some Symbian and BlackBerry devices.

Once that setup is complete, the attacker can simply do a transfer whenever it is convenient, such as when an account has just received a deposit. An attacker can log onto the account, receive the SMS code and begin transferring money.

ING officials contacted in the Netherlands on Monday afternoon did not have an immediate comment.

The SMS ability of Zeus has prompted vendors such as Cloudmark to warn about how SMS spam, or SMS messages designed to enable other malware, are a growing threat. Cloudmark sells a system to operators that analyses SMS messages and can filter ones that have spam or other offensive content.


IDG UK Sites

LG G4 Note UK release date and specification rumours: Samsung Galaxy Note 5 killer could be the LG 3......

IDG UK Sites

In defence of BlackBerrys

IDG UK Sites

Why we should reserve judgement on Apple ditching Helvetica in OS X/iOS for the Apple Watch's San...

IDG UK Sites

Retina 3.3GHz iMac 27in preview: Apple cuts £400 off Retina iMac with new model