Jump to main content

Fake pop-ups injected into online banking transactions

Posted on November 19, 2012

MADISON, Wis. (11/14/12)--The latest version of the Citadel banking Trojan malware has something malware analysts have never encountered before: a browser malware that launches fake pop-ops during online banking transactions and tricks online users into re-entering their bank and credit union account logins and passwords.

The risks for credit unions and banks, as well as their members/customers, are obvious. And it means that credit unions and others will need to offer crash courses to their members about defending themselves from the advanced Trojans (Bankinfosecurity.com Nov. 12). Otherwise, financial institutions will see even greater losses due to fraud.

The Citadel, which is an advanced mutation of the infamous Zeus Trojan malware, was discovered in "underground" forums in January. It is a keylogger that steals online banking authorization credentials by capturing the computer user's keystrokes (Bankinfosecurity.com Nov. 12). The Trojan was the topic of a number of warnings to credit unions and banks in August by the Federal Bureau of Investigation (FBI) and the FBI's Internet Crime Complaint Center.

The latest version uses social engineering tools to create the pop-ups, even on legitimate banking sites. And that will confuse consumers making online transactions at their credit union's site.

In the underground forums, Citadel developers are claiming they have infected computers with the new version of the Trojan. They allege they have infected computers relying on Microsoft Security Essentials, McAfee and Norton. The new development has upped the price of the Trojan on the cybercrime market. Several months ago, it went for $3,000. Now it is worth $4,000, say malware researchers (bankinfosecurity.com Aug. 21).

Malware researchers said credit unions and banks should consistently educate users about emerging online and mobile security threats. Explain the variations of the attacks, such as the new pop-up feature, so consumers know what to watch for when online. Also, train staff to identify more quickly suspicious transactions, including withdrawals and wire transfers.

Other advice:

  • Avoid using out-of-date software versions that have vulnerabilities easy to exploit. Software companies issue patches and updates; use them. Out of date Java software in particular has been a gateway for the Trojan infection, say researchers;
  • Run full-system virus scans at least once a week;
  • Use caution when entering user names and passwords and enter these slowly to give time to back out if something seems odd;
  • Regularly visit the FBI's Internet Crime Complaint Center for updates about Citadel;
  • Have a computer expert remove any malware. Even if you succeed in unfreezing the computer, keyloggers and other malware may still be operating in the background; and
  • Never pay money or provide personal information to a suspicious online entity.

Copyright © 2012 - Credit Union National Association, Inc. All rights reserved.

Return to Recent Scams »

Was this information helpful?
Current rating: 5 (2 ratings)