Trojan logs e-banking habits

Trojan logs e-banking habits

Summary: An antivirus company has detected a new Trojan attack that steals e-banking details when users log into legitimate banking sites

SHARE:
TOPICS: Security
3

Security experts say they have discovered a Trojan horse that records e-banking user details and Web surfing habits.

Antivirus company Sophos is warning that the Banker-AJ Trojan is targeting online customers of banks such as Abbey, Barclays, Egg, HSBC, Lloyds TSB, Nationwide and NatWest.

The company said that once installed, the Trojan waits for users to visit their online banking Web sites, captures passwords and takes screenshots of the session. The information is then relayed to the hackers behind the ploy, who use the data to steal money.

"It's the next generation of phishing attacks," said Graham Cluley, senior technology consultant for Sophos. "These rely on people going to real legitimate sites. Once the Trojan determines that you've gone there, it starts taking keystroke logs and snaps shots of machines and sends it back to hackers."

But Barclays Bank said it had seen the technique before. A spokeswoman for the company said: "This type of Trojan is something [we] have been aware of for some time. We are working with industry to identify the next steps to help combat fraud and are interested in educating customers."

Sophos also said it had seen a similar Trojan (Tofger) a few months ago, but the technique had mainly been used in Brazil.

"We did see another one a few months ago," added Cluley. "Some of the Brazilian ones just wait for the user to look at a Web site with the word 'bank' in, but this one specifically targets many well known UK banks, and that makes it notable."

Topic: Security

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

3 comments
Log in or register to join the discussion
  • Is it only me? Or did I not notice a name for the spyware?

    Come on folks. We'd like to understand (know) what we are looking for in terms of the name of the malicious code.

    Is that too much to ask?
    anonymous
  • "Antivirus company Sophos is warning that the Banker-AJ Trojan is targeting online customers of banks such as Abbey, Barclays, Egg, HSBC, Lloyds TSB, Nationwide and NatWest"

    It might help if you actually read the article...
    anonymous
  • It might also be of use to us if Sophos would let us know how this Trojan gets into our machines in the first place. What do we need to look out for?
    anonymous