A US cyber security firm on Wednesday warned that hackers using a sophisticated “Zeus” virus were siphoning cash from online accounts at a British financial institution.
The software secretly slipped onto machines, most likely at booby-trapped websites, and is designed to “hijack” online banking sessions, according to M86.
The malicious software gets between customers and their banks, showing people screens of how their accounts should look while actually letting a command-and-control center take control of the transactions, the firm said.
“Customers of one of the biggest financial institutions have fallen victim to a sophisticated attack by cybercriminals using Web-based malware to rob money via the bank’s online banking system,” M86 reported.
A command-and-control center for the cyber crooks was tracked to Eastern Europe and all the findings have been shared with law enforcement authorities, according to the security firm.
“These criminals continuously seek new, sophisticated ways to steal information and money without detection,” M86 said in a paper detailing its findings.
“And it’s increasingly difficult for security companies to stay ahead of the proliferation of new, dynamic malware.”