Business banking customers target for new 'live chat' malware attack

Cybercriminals have engineered a new strain of malware that is designed to dupe online banking customers into initiating a live chat session with a bogus bank agent on their PC screen.


Editorial

This content has been selected, created and edited by the Finextra editorial team based upon its relevance and interest to our community.

Financial crime prevention outfit Trusteer said it stumbled on the scam, which is geared specifically to business banking users, when working with a leading financial institution. The attack uses a variant of the Shylock malware platform to perform a man-in-the-browser (MitB) takeover as customers log in to their online accounts.

The session initially stalls, and the following message is displayed in the victim's browser: "The system couldn't identify your PC. You will be contacted by a representative of bank to confirm your personality. Please pass the process of additional verification otherwise your account will be locked. Sorry for any inconvenience, we are carrying about security of our clients."

This web injection is followed by an elaborate web-chat screen, which is implemented in pure HTML and JavaScript. Within two to three minutes, the fraudster engages in a live online chat session with the victim, harvesting security protocols while simultaneously logging in to the user's real account.

"This is yet another example of the ingenuity of fraudsters and their ability to exploit the trust relationship between users and applications provided by their online service providers," says Trusteer CTO Amit Klein. "To prevent malware from getting onto the endpoint in the first place, the browser needs a layer of security that is on par with the protection afforded to networks, databases, servers, and access devices."
