Hackers targeting Indian banks with advanced SpyEye

After targeting financial institutions in Europe, hackers are now increasingly targeting Indian financial institutions with the latest variants of malware like SpyEye and Zeus to siphon larger amounts of money from bank accounts, Japanese security company Trend Micro has cautioned.

After targeting countries like Germany, Italy and the United Kingdom, cyber criminals are now targeting Indian cities, with the highest number of phishing strikes being reported in cities like Hyderabad, Nashik, New Delhi and Bangalore and even Thanjavur, said Trend Micro, which has many banks as customers.

Phishing attacks reported on various Indian brands rose a whopping 187 per cent in May this year over the previous month, the Japanese global cloud security company said. Significantly, all phishing attacks on Indian brands in May targeted the banking sector, with one in every four using an '.in' domain and the top cyber threats created specifically to target bank balances.

"The new software allows the criminal to siphon money out while he sleeps. It could significantly increase the number of hacked accounts and the speed with which they are drained," said Trend Micro's country manager (India and SAARC) Amit Nath.

"The new code has the potential to dramatically escalate the amount being stolen from accounts and a years-old arms race between the banks and criminal groups. This has tremendous implications especially as masses are moving towards banking by phone. This attack toolkit ushers in a new era of bank heists," he added.

According to a Trend Micro report on 'Automating online banking fraud - automatic transfer system: the latest cybercrime toolkit feature', two of the most pervasive and dangerous types of software for stealing money from bank accounts, SpyEye and Zeus, have been improved and enabled to transfer money out automatically, without a hacker's supervision. The improved versions are in the early stages of deployment and have already stolen hefty amounts at a time from a single account.

The programs have already used a technique called "web injection" to generate new entry fields when victims log on to any number of banks or other sensitive websites, said Trend Micro, pointing out how instead of seeing a bank ask for an account number and password for instance, a victimized user sees requests for both of those and an ATM card number. Everything typed in then gets whisked off to the hacker, who later signs in and transfers money to an accomplice's account.

For the past year or more, some variants have also captured one-time passwords sent from the banks by text messages to client cell phones as an added security measure. But in those cases, a hacker had to be online within 30 or 60 seconds in order to use the one-time password, the report pointed out.
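The "web injection" technique described above adds entry fields that the bank never served, so one defensive check is to compare the fields in the page as rendered in the customer's browser with the fields the genuine login form is known to contain. The sketch below is an added example, not taken from the Trend Micro report; the field names and HTML samples are constructed, and it assumes the rendered markup has already been captured (for instance by a client-side integrity script).

```python
from html.parser import HTMLParser

# Baseline: fields the bank's genuine login form contains (hypothetical names).
EXPECTED_FIELDS = {"csrf_token", "account_number", "password"}


class FormFieldCollector(HTMLParser):
    """Collects the name (or id) of every data-entry element in a page."""

    def __init__(self):
        super().__init__()
        self.fields = []

    def handle_starttag(self, tag, attrs):
        if tag in ("input", "select", "textarea"):
            attr = dict(attrs)
            # An injected field may lack a name; fall back to id, then a marker.
            self.fields.append(attr.get("name") or attr.get("id") or "<unnamed>")


def injected_fields(rendered_html, expected=EXPECTED_FIELDS):
    """Return fields present in the rendered page but absent from the baseline."""
    collector = FormFieldCollector()
    collector.feed(rendered_html)
    return sorted(set(collector.fields) - set(expected))


# Constructed sample: the form as the bank serves it.
SERVED = """<form action="/login" method="post">
<input type="hidden" name="csrf_token" value="x">
<input type="text" name="account_number">
<input type="password" name="password">
</form>"""

# Constructed sample: the same form after an extra ATM card field was injected
# on the customer's machine, as in the scenario the report describes.
RENDERED = SERVED.replace(
    "</form>", '<input type="text" name="atm_card_number">\n</form>'
)

if __name__ == "__main__":
    print("served page  :", injected_fields(SERVED))
    print("rendered page:", injected_fields(RENDERED))
```

A non-empty result means the page the customer sees asks for more than the bank does, which is the visible symptom of the injection the report describes.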