Akamai warns banks of new ‘crime kit’

By Digital News Asia December 2, 2014
  • Used on machines compromised by Zeus and other malware
  • Malicious actors alter webpages to steal information from users
Akamai warns banks of new ‘crime kit’

AKAMAI Technologies Inc is alerting banks and enterprises to the use of Yummba webinject tools in banking fraud, and making banks even more vulnerable to malware.
 
The company’s Prolexic Security Engineering & Response Team (PLXsert), in a new cybersecurity threat advisory, said that Zeus crimeware has a history of being used to control compromised hosts (zombies) for many types of cybercrime.
 
These include the harvesting of banking credentials, building botnets for distributed denial of service (DDoS) attacks, and targeting Platform-as-a-Service (PaaS) and Software-as-a-Service (SaaS) infrastructures, it said in a statement.
 
Now, the added capabilities of Yummba custom webinjects make the malware even more dangerous, Akamai added.
 
Webinject attacks available for sale in the wild vary in sophistication from simple attacks that report account information and credential theft, to highly advanced webinjects that utilise ATSEngine for automated fund transfers to attacker-controlled accounts.
 
Each Yummba webinject is customised to match the look-and-feel of a website of a specific financial institution to fool the user into entering banking credentials, Akamai said.
 
What’s more, the Yummba webinjects work with the malicious Automatic Transfer System (ATSEngine), streamlining the process of wiring a victim’s funds to a third-party account.
 
As a result, a malicious actor using Yummba webinjects can inject dynamic content into a web display when a customer visits an online banking site, steal information from the user’s session, and immediately and automatically transfer funds out of the victim’s accounts.
 
“PLXsert has identified more than 100 financial institutions for which active webinjects are available in the wild,” said Stuart Scholly, senior vice president and general manager of the Security Business Unit at Akamai. “Most are mid-size and large financial institutions in North America and Europe.”
 
“Preventing these attacks requires user education, improved security and system hardening, and international cooperation and community cleanup,” he added.
 
PLXsert anticipates the underground crimeware ecosystem will continue to produce new and more powerful tools like Yummba webinjects to take advantage of the massive number of exploited devices on the Internet.
 
Its advisory is available for download at www.stateoftheinternet.com/yummba.
 
Related Stories:
 
Malaysia among countries most hit by e-banking malware: Trend Micro
 
ATM hack a global issue: Interpol and Kaspersky Lab
 
Security risks hiding in encrypted traffic: Blue Coat
 
 
For more technology news and the latest updates, follow @dnewsasia on Twitter or Like us on Facebook.

 
Keyword(s) :
Akamai
Prolexic
PLXsert
Banking Malware
Botnet
Zeus
Fraud
Yummba
Webinject
Stuart Scholly
 
Author Name :
Digital News Asia
 

Digerati50 2020-2021

Download Digerati50 2020-2021 PDF

DOWNLOAD

Download Digerati50 2020-2021 PDF

Digerati50 2020-2021

Get and download a digital copy of Digerati50 2020-2021