Reuters – (International) New bank theft software hits three continents. A new wave of automated hacking of online bank accounts might have stolen $78 million in the past year from customers in Europe, Latin America, and the United States, according to researchers who peered into the computers of the hacking gangs, Reuters reported June 26. The groups used recent improvements to two families of existing malicious software, Zeus and SpyEye, which lodged on the computers of clients at 60 banks. The latest variants automate the subsequent transfer of funds to accounts controlled by accomplices. The findings, to be released by security firms McAfee and Guardian Analytics, confirmed and expanded on research from Japan-based Trend Micro Inc that was first reported the week of June 18. The software is sophisticated enough to defeat “chip and PIN” and other two-factor authentication and to avoid transferring the entire contents of an account at one time, which can trigger review, according to the study. McAfee said the same technology, while still emerging, had been used by a dozen gangs against consumers and business clients of financial institutions. “Someone designing this system has insider knowledge as to what the banks are looking for,” said a research director at McAfee Labs.
Ali Loney, on June 26, 2012