Cybercriminals have come up with a new way of duping unsuspecting bank customers into handing over their funds. They promote shady insurance that supposedly protects against losses caused by online banking fraud.
Trusteer experts detail the way these attacks work and how they leverage the Tatanga malware platform to ensure the success of the malicious campaign.
First, the malware informs the victim of the allegedly free offer via web browser injection. Then, the potential victim is presented with a fake insurance account whose value is purportedly equal to the amount of money currently present in the bank account.
In order to activate the new account, the user is requested to authorize the transaction by entering the one-time password the bank sends via SMS to his/her mobile device.
In reality, the “insurance account” is a normal account that belongs to a money mule who is involved in the scheme. When users authorize the so-called activation, they are actually authorizing a fund transfer from the victim to the mule.
The screenshot provided by Trusteer shows a notification pushed by Tatanga that's designed to target Spanish speakers. The parts that appear in quotes are replaced with the victim’s data during the attack.
Experts have determined that the crooks steal the entire amount of money from the victim’s bank account if the balance is between 1,000 ($1,300) and 5,000 EUR ($6,500). However, if the amount is exceeded, they will only take 5,000 EUR.
“Once they have compromised an endpoint, the ability of Tatanga and the other cybercrime platforms to commit online fraud is limited only by the imagination of criminals. As this latest scheme illustrates fraudsters do not lack creativity when it comes to developing new methods that trick victims into authorizing fraudulent transactions,” Trusteer’s Amit Klein concluded.