New variant of SpyEye banking malware

Norman researchers identified an emerging variant of the SpyEye Trojan that targets specific online banking applications.

SpyEye is a malware toolkit that has become increasingly popular over the past few months and is similar to the widely-used Zeus malware that has caused hundreds of thousands of costly infections globally.

These malware tools cause attacks called “man-in-browser” because, like Trojans, they infect web browsers and modify pages and transactions to steal valuable personal secrets such as Social Security numbers, banking logins and passwords, credit card data – even complete identity profiles stolen from autofill applications.

A consumer or enterprise user may pick up the malware while innocently browsing thousands of infected popular web sites. SpyEye waits for the user to access on online banking account before activating.

“Norman, working in early February with several banks in Norway, identified a specific variant of SpyEye that criminals have recently developed,” said Einar Oftedal, director of Malware Detection. “This variant has also targeted other banks in Europe and Asia. It could easily be modified to work against any bank in any country. Online banking users in Europe and North America should be very vigilant to guard against this online risk.”

This particular variant of SpyEye targets only the initial login field on a bank’s legitimate web page, capturing login and password information and rapidly and illegally transferring money until the application times out in about 20 seconds.




Share this