
Banking malware ‘Luuuk’ stole €500,000 within a week

The malware also gathered the users’ logins and passwords and one-time passcodes.

By CBR Staff Writer

About €500,000 was stolen within a week in early 2014 from accounts at an undisclosed large European bank in Italy and Turkey, via a new banking Trojan campaign dubbed ‘Luuuk’.

Security firm Kaspersky has identified more than 190 victims, with the amount stolen from each bank account ranging between €1,700 and €39,000.

According to the security researchers, the campaign was detected after a Command and Control (C&C) server was discovered on the internet on 20 January.

Kaspersky Lab principal security researcher Vicente Diaz said: "Soon after we detected this C&C server, we contacted the bank’s security service and the law enforcement agencies, and submitted all our evidence to them."

"On the C&C server we detected there was no information as to which specific malware program was used in this campaign," Diaz added.

"However, many existing Zeus variations (Citadel, SpyEye, IceIX, etc.) have that necessary capability.

"We believe the malware used in this campaign could be a Zeus flavor using sophisticated web injects on the victims."


As part of the campaign, the malware gathered users’ logins, passwords and one-time passcodes, verified the balance in each account and automatically executed several fake transactions.

Kaspersky also found evidence of several different ‘drop’ groups, each of which was assigned different sums of money.

"These differences in the amount of money entrusted to different drops may be indicative of varying levels of trust for each ‘drop’ type," Diaz added.

"We know that members of these schemes often cheat their partners in crime and abscond with the money they were supposed to cash.

"The Luuuk’s bosses may be trying to hedge against these losses by setting up different groups with different levels of trust: the more money a ‘drop’ is asked to handle, the more he is trusted."

However, the C&C server linked to The Luuuk was shut down soon after the investigation began.
