Wednesday, September 29, 2010

ZeuS botnet: Stealing bank access codes via SMS

The latest criminal activity linked to the ZeuS botnet is a software package tailored to BlackBerry and Symbian mobile phones that intercepts SMS messages, apparently to defeat the two-factor authentication codes that mobile bank customers use to access their accounts.

IT security services firm S21sec has dubbed the attack MITMO (man in the mobile). The attacker steals both the user name and password from infected phones and uses that information to access the victim's online bank account. When the bank sends the unique, temporary two-factor access code to the victim's cell phone, the malware intercepts it and forwards it to the attacker. The attacker enters the code and gains access to the user's bank account.
