A malware researcher has warned about hackers using the real-time web' to target the web pages of businesses like banks and other financial institutions.
Joe Stewart, director of malware research for SecureWorks, spoke to the New York Times about a Trojan called Clampi', which used real-time techniques to attack people who could access corporate bank accounts with particularly big balances.
After the trojan was planted in machines it sent a real-time stream of the user's actions using modified instant messaging software. The hacker could then log in to a user's bank account.
If the bank account was using a one-time temporary password, the hacker could also copy this if it was used. These funds would then be transferred to wherever they needed to go.
Stewart said to the New York Times: "What everybody thought was a very secure identification method, these guys found a low-tech means to get around it."
"They don't break the encryption, they just log in at the same time you do," he added.
-
US gov makes $2bn investment in domestic quantum firmsNews The Department of Commerce says it wants to strengthen the country's presence in this critical technology sector
-
Data center industry faces ticking power time bombNews Technical and regulatory hurdles make colocation unscalable for most developers, Wood Mackenzie has warned
-
UK workers are shockingly relaxed about selling access to company systemsNews Research from UK fraud prevention service Cifas shows that insider fraud is rife
-
Rethinking fraud prevention: From identity checks to identity signal integritySponsored With new techniques being used by criminals, fraud detection has to move with the times to ensure security
-
CronRat Magecart malware uses 31st February date to remain undetectedNews The malware allows for server-side payment skimming that bypasses browser security
-
FBI warns scammers are using cryptocurrency ATMs to siphon cashNews Criminals will stay on phone with victims as they make payments, says advisory
-
Mekotio trojan continues to spread despite its operators’ arrestsNews Hackers have used it in 100 more attacks since arrests
-
“Trojan Source” hides flaws in source code from humansNews Organizations urged to take action to combat the new threat that could result in SolarWinds-style attacks
-
What is Emotet?In-depth A deep dive into one of the most infamous and prolific strains of malware
-
Hackers fake DocuSign and offer fraudulent signing methodsNews Criminals impersonate the e-signing company to steal credentials
