A Trojan horse appears to be collecting data from users of an online payment system and could have already removed money from up to 300 accounts, according to security software firm Kaspersky Labs.
The Trojan horse, dubbed Eurosol, steals the personal account information from people using the WebMoney e-wallet payment. The Eurosol Trojan horse is contained in a program called CC-Bank, which WebMoney users are being told they can download to earn money by viewing adverts. While the CC-Bank program displays a series of banner adverts, the Trojan scans the installed hard disks in the search for key files from the client program of the WebMoney Transfer system. Once the Trojan has found the files, it transfers the stolen e-wallet details to an FTP server.
As yet this is all theory. While Kaspersky labs rates the Trojan as "exceptionally dangerous", in practice there is no evidence that it has yet actually stolen anybody's money. "However," said Kaspersky Labs in an alert, "an analysis of the FTP server -- where the stolen information is transferred -- allows us to say that more than 300 users are already in the situation where in the near future, their accounts in WebMoney could be discovered to have no funds available."
Furthermore, the Eurosol Trojan. is aimed only on the users of the Russian-based WebMoney, according to Kaspersky Labs.
WebMoney uses a pre-paid card system to help people buy from affiliated online stores. When customers get to the check out section, they select the WebMoney method of payment, enter a code, and the price of the goods is deducted from their account.
WebMoney was not available for comment at the time of posting.
Take me to the Hackers News Special