Mobile banking security bypassed in fiendish malware blag

Bloody SIMple when you know how


Cyber-crooks are blagging SIM cards that allow them to circumvent mobile-based banking security measures and swipe cash from punters' accounts.

Security biz Trusteer has uncovered two elaborate techniques that will defeat out-of-band authentication mechanisms such as SMS-delivered one-time passwords (OTP) for online banking websites. These scams involve crooks getting their hands on duplicate SIM cards to execute fraudulent transactions.

The extra effort is worthwhile because accounts protected by OTP systems typically have higher transfer limits, making them more valuable to crooks. In addition, banks tend to treat transactions given the go-ahead by OTP authorisation as less likely to be fraudulent and are therefore far less likely to be subjected to additional anti-fraud screening, according to Trusteer.

How the scams work

The first attack involves a combination of online and physical fraud: the crook either runs a phishing expedition or uses malware to obtain a victim’s bank account details and credentials. As well as requesting login details, the fraudster also seeks to obtain the intended victim's name, phone number and other personal information.

Armed with these details the crim impersonates a victim to report the mark's mobile as lost or stolen to the cops. This allows the fraudster to get their hands on a police report.

The criminal then calls the victim to notify them that their mobile phone service will be interrupted for few hours. In the meantime, the criminal visits a mobile service provider’s retail outlet, presenting the police report on the supposedly lost or stolen mobile.

The victim’s SIM card is deactivated by the mobile provider while the criminal gets a new SIM card that receives all incoming calls and OTPs sent to the victim’s phone number.

Trusteer came across the elaborate scheme in an underground carder forum.

In the second attack, a variant of the Gozi Trojan uses a web page injection hack on infected Windows PCs that prompts victims to enter their mobile's unique IMEI number when they attempt to access their online bank account. The malicious script explains how to retrieve the IMEI number, which can be found on the phone’s battery or accessed by dialling *#06# onto a mobile keypad.

Using this number, the fraudster then reports the mobile phone as lost or stolen to a mark's mobile service provider and requests a new SIM card. Once the crook gets his hands on the duplicate SIM cards, OTPs intended for the victim are sent to the fraudster-controlled device instead.

"The one common thread in both schemes is that they are made possible by compromising the web browser with a Man in the Browser (MitB) attack to steal the victim’s credentials," explains Trusteer’s CTO Amit Klein. "By combining stolen personally identifiable information with clever social engineering techniques, criminals using these attacks don’t need to trick users into verifying fraudulent transactions."

"They are able to bypass out of band authentication mechanisms like SMS-delivered OTPs by authorising these transactions themselves," he added.

More details of both scams can be found in a blog post by Trusteer here. ®

Similar topics

Broader topics


Other stories you might like

  • North Korea pulled in $400m in cryptocurrency heists last year – report

    Plus: FIFA 22 players lose their identity and Texas gets phony QR codes

    In brief Thieves operating for the North Korean government made off with almost $400m in digicash last year in a concerted attack to steal and launder as much currency as they could.

    A report from blockchain biz Chainalysis found that attackers were going after investment houses and currency exchanges in a bid to purloin funds and send them back to the Glorious Leader's coffers. They then use mixing software to make masses of micropayments to new wallets, before consolidating them all again into a new account and moving the funds.

    Bitcoin used to be a top target but Ether is now the most stolen currency, say the researchers, accounting for 58 per cent of the funds filched. Bitcoin accounted for just 20 per cent, a fall of more than 50 per cent since 2019 - although part of the reason might be that they are now so valuable people are taking more care with them.

    Continue reading
  • Tesla Full Self-Driving videos prompt California's DMV to rethink policy on accidents

    Plus: AI systems can identify different chess players by their moves and more

    In brief California’s Department of Motor Vehicles said it’s “revisiting” its opinion of whether Tesla’s so-called Full Self-Driving feature needs more oversight after a series of videos demonstrate how the technology can be dangerous.

    “Recent software updates, videos showing dangerous use of that technology, open investigations by the National Highway Traffic Safety Administration, and the opinions of other experts in this space,” have made the DMV think twice about Tesla, according to a letter sent to California’s Senator Lena Gonzalez (D-Long Beach), chair of the Senate’s transportation committee, and first reported by the LA Times.

    Tesla isn’t required to report the number of crashes to California’s DMV unlike other self-driving car companies like Waymo or Cruise because it operates at lower levels of autonomy and requires human supervision. But that may change after videos like drivers having to take over to avoid accidentally swerving into pedestrians crossing the road or failing to detect a truck in the middle of the road continue circulating.

    Continue reading
  • Alien life on Super-Earth can survive longer than us due to long-lasting protection from cosmic rays

    Laser experiments show their magnetic fields shielding their surfaces from radiation last longer

    Life on Super-Earths may have more time to develop and evolve, thanks to their long-lasting magnetic fields protecting them against harmful cosmic rays, according to new research published in Science.

    Space is a hazardous environment. Streams of charged particles traveling at very close to the speed of light, ejected from stars and distant galaxies, bombard planets. The intense radiation can strip atmospheres and cause oceans on planetary surfaces to dry up over time, leaving them arid and incapable of supporting habitable life. Cosmic rays, however, are deflected away from Earth, however, since it’s shielded by its magnetic field.

    Now, a team of researchers led by the Lawrence Livermore National Laboratory (LLNL) believe that Super-Earths - planets that are more massive than Earth but less than Neptune - may have magnetic fields too. Their defensive bubbles, in fact, are estimated to stay intact for longer than the one around Earth, meaning life on their surfaces will have more time to develop and survive.

    Continue reading

Biting the hand that feeds IT © 1998–2022