December 5, 2012

UPDATED: PC and mobile malware combo grabs €30m in online banking heist

'Eurograbber' infects PCs then switches to mobile devices - and targets online banking credentials

By Steve Evans


Cyber criminals have stolen €36m from users across Europe using malware that can be installed on a PC and mobile phone, and work in harmony across both devices.

According to the Financial Times, the Eurograbber malware is thought to be the first of its kind in that it infected a desktop PC and a mobile device. It also took advantage of two-factor authentication used by online banking systems.

Around 30,000 people are thought to have been caught out by the malware across Germany, Italy, Spain and the Netherlands.

According to reports, Eurograbber first works by infecting a PC, most likely due to the user visiting an infected website or opening an infected document. Once installed, the malware waits for the victim to instigate an online banking session, at which point it asks them to upgrade their online banking security capabilities.

This process involves asking the user to enter their mobile phone number. If the user does this they will receive a text message on their phone, which prompts them to update the security on their mobile device as well. When the user clicks the link, a second piece of malware is installed, this time on the phone.

This second part of the Eurograbber malware is designed to intercept the authentication codes banks send out during online banking sessions.

The malware can then carry out a second transaction in real time, as it can intercept the required information on the PC and on the mobile.


Victims lost between €500 and €250,000, the Financial Times said. It targeted Android and BlackBerry phones, the report added.

The malware, which is a variant of the Zeus family, was discovered by Check Point and Versafe, when their customers became infected.

Darrell Burkey, director of intrusion prevention products at Check Point, said the malware was well designed. "Not to give kudos to the attackers, but it was a good piece of engineering. The mobiles they targeted were very common mobiles, and they targeted very successful banks," he told the FT.

Trend Micro’s Rik Ferguson told CBR that the malware seems to be the same as the Zitmo malware previously detected.

"It doesn’t appear to be functionally any different from the other Zitmo variants and attacks we have been seeing in the wild since September 2010," he said. "The first documented attack was in Spain, the second in Poland and since then we have seen them across several major European countries affecting the Symbian, Windows Mobile, BlackBerry and Android operating systems."

Ferguson added that online bank users in the UK are less likely to fall victim to the malware, as banks here rely less on text messages as a vehicle for authentication codes.
