Banking Malware Relays Passwords to Cyber Criminals

John Lister's picture

Researchers have warned of a sneaky trick that uses malware to collect passwords for online banking. The "Metamorfo" malware disables autocomplete to force users to retype passwords that can then be hijacked.

Metamorfo is familiar to security researchers, but has developed two new characteristics. The first is that it no longer targets only financial institutions in Brazil, but has expanded to other countries. The second is a new tactic to make it more effective.

The malware works in a familiar fashion. It's distributed through a .ZIP file that's disguised as an invoice attached to bogus emails. Once installed, Metamorfo uses keylogger technology that notes what a user types into the computer and then relays it to the criminals.

User Must Retype Password

The new trick is that the malware closes all open browsers and then disables auto-complete and auto-suggest when the user reopens a browser. That means the user will have to manually type in passwords when the keylogger is active. (Source: zdnet.com)

Analysis of the malware by Fortinet shows it monitors for 32 keywords associated with online banking. This makes it easier for the scammers to identify when somebody logged on to a site, making it much quicker to isolate the login details. (Source: fortinet.com)

Banks' Defenses May Be Valuable

Defending against the tactics is a two-part process. The first step is general good practice to avoid getting hit with the malware in the first place, such as being skeptical about unexpected email attachments and making sure to run up-to-date security software that can spot when malware is installed.

The second step is to prefer online banks with security measures that can limit the success of keyloggers. For example, some banks ask users to type in specific characters from a password or key phrases, meaning a keylogger can't simply collect an entire password in one go.

Some banks also use measures such as sending a text message with a required one-time code to log in, or offer a device that uses a bank card to verify the user's identity.
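To put a number on the partial-password measure described above, the following added example (not from the original article, Fortinet or any bank) calculates how much of a password is exposed when a keylogger stays on a machine across several logins. It assumes the bank asks for a fixed number of distinct, uniformly random character positions each time and that every observed login reveals both the positions and the characters typed; the password length and number of characters asked are hypothetical parameters.

```python
from fractions import Fraction
from math import comb

def exposed_fraction(length, asked, logins):
    """Expected share of password positions seen after `logins` observed challenges."""
    never_asked = Fraction(length - asked, length) ** logins
    return 1 - never_asked

def replay_probability(length, asked, logins):
    """Probability that the next challenge asks only for positions already observed.

    Inclusion-exclusion over j of the next challenge's positions that were
    never asked for in any of the earlier, observed challenges.
    """
    total = comb(length, asked)
    p = Fraction(0)
    for j in range(asked + 1):
        # Share of challenges that avoid j specific positions, over all logins.
        avoided = Fraction(comb(length - j, asked), total) ** logins
        p += (-1) ** j * comb(asked, j) * avoided
    return p

def logins_until(length, asked, threshold):
    """Smallest number of observed logins at which replay_probability >= threshold."""
    n = 0
    while replay_probability(length, asked, n) < threshold:
        n += 1
    return n

if __name__ == "__main__":
    LENGTH, ASKED = 8, 3  # constructed example: 8-character password, 3 asked per login
    for n in range(0, 9):
        print(f"{n} logins observed: "
              f"{float(exposed_fraction(LENGTH, ASKED, n)):.0%} of positions exposed, "
              f"{float(replay_probability(LENGTH, ASKED, n)):.1%} chance the next "
              f"challenge is fully covered")
```

The figures show that the measure slows a keylogger down rather than stopping it, so the first step of detecting and removing the infection still matters.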

What's Your Opinion?

Would you have thought to be suspicious if auto-complete suddenly stopped working? Are you confident in the security measures of any online banking you use? Do you think you'd be sure to avoid opening and running a .ZIP attachment in the first place?


Comments

buzzallnight's picture

That would be a major alarm!
I usually have IE and Chrome open
I really hate to say it but M$ IE 11 is just so much better than chrome it is pitiful, chrome is dumbed down for smart phones so you don't have any controls at all.

Would you have thought to be suspicious if auto-complete suddenly stopped working?
YES
Are you confident in the security measures of any online banking you use?
NO
Do you think you'd be sure to avoid opening and running a .ZIP attachment in the first place?
YES!