- Jan 8, 2011
- 22,361
- Content source
- http://blog.trendmicro.com/finding-holes-operation-emmental/
In our new report, Finding Holes: Operation Emmental, our researcher David Sancho demonstrates how attackers have come up with a complex yet effective way to defeat the latest security countermeasures that protect online banking. By leveraging the openness of the Android platform to install apps from third-party sites, attackers combine traditional phishing attacks, which capture a user’s username and password, with malicious mobile apps that capture the session tokens sent to the user’s mobile device.
Our research shows that these attacks are focused on users in Austria, Switzerland, Sweden, other European countries and Japan. And indications are that those behind the attacks are most likely based in a Russian-speaking country.
But while these attacks may be limited in scope now, they bode ill for the future. Online banking malware is a significant problem already. This shows that even advanced security schemes are vulnerable now. This means that for online banking to be secure, it’s going to be on the industry to come up with a new countermove that meets this latest threat.
Meanwhile, the lesson for banks and their customers is clear: only install official mobile apps from official, trusted sources, namely Google Play and the Apple App Store. Additionally, banks should move to support transaction authentication in addition to user authentication.
Trend Micro Report: Finding Holes: Operation Emmental
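The post's recommendation to add transaction authentication on top of user authentication is easiest to see with a small model. The following Python is an added example written for this page, not code from Trend Micro or from the report: it assumes a bank that shares a per-customer secret with its code generator (the secret, session id, payee strings and amounts below are all constructed values) and derives short numeric codes HOTP-style from an HMAC. A session-only token is bound to nothing but the session, so a copy of it authorises any transfer in that session; a transaction code is bound to the payee and amount, so a copy of it only ever authorises the transfer the customer actually saw.

```python
import hashlib
import hmac

# Constructed demo values (not from the report): a per-customer secret the bank
# shares with its code generator, and the customer's current session identifier.
BANK_SECRET = b"constructed-demo-secret-do-not-reuse"
SESSION_ID = "sess-4711"


def _code(secret: bytes, message: str, digits: int = 6) -> str:
    """Derive a short numeric code from HMAC-SHA256 over `message`
    using HOTP-style dynamic truncation (RFC 4226 section 5.3)."""
    mac = hmac.new(secret, message.encode(), hashlib.sha256).digest()
    offset = mac[-1] & 0x0F
    value = int.from_bytes(mac[offset:offset + 4], "big") & 0x7FFFFFFF
    return str(value % (10 ** digits)).zfill(digits)


def session_token(secret: bytes, session_id: str) -> str:
    """User-authentication-only token: bound to the session, not to any transaction."""
    return _code(secret, f"session:{session_id}")


def transaction_code(secret: bytes, session_id: str, recipient: str, amount_cents: int) -> str:
    """Transaction-authentication code: bound to exactly what is being authorised."""
    return _code(secret, f"txn:{session_id}:{recipient}:{amount_cents}")


def bank_accepts_session_token(presented: str, session_id: str,
                               recipient: str, amount_cents: int) -> bool:
    """Bank-side check for the weak scheme: the transfer details are not part
    of the verification at all, so they are deliberately unused here."""
    return hmac.compare_digest(presented, session_token(BANK_SECRET, session_id))


def bank_accepts_transaction_code(presented: str, session_id: str,
                                  recipient: str, amount_cents: int) -> bool:
    """Bank-side check for the stronger scheme: recompute the code over the
    transfer the bank is actually being asked to execute."""
    expected = transaction_code(BANK_SECRET, session_id, recipient, amount_cents)
    return hmac.compare_digest(presented, expected)


def demo() -> dict:
    """Compare both schemes when a code is copied off the customer's phone and
    presented with a different payee and amount than the customer approved."""
    legit = ("AT12 3456 7890", 5000)        # constructed: customer pays 50.00 to a known payee
    altered = ("MULE 0000 0001", 250000)    # constructed: different payee, 2500.00

    copied_session = session_token(BANK_SECRET, SESSION_ID)
    copied_txn = transaction_code(BANK_SECRET, SESSION_ID, *legit)

    return {
        "session_token_authorises_altered_txn":
            bank_accepts_session_token(copied_session, SESSION_ID, *altered),
        "txn_code_authorises_legit_txn":
            bank_accepts_transaction_code(copied_txn, SESSION_ID, *legit),
        "txn_code_authorises_altered_txn":
            bank_accepts_transaction_code(copied_txn, SESSION_ID, *altered),
    }


if __name__ == "__main__":
    for check, outcome in demo().items():
        print(f"{check}: {outcome}")
```

The design point is that the code only protects what it is bound to: a token derived from the session alone says nothing about the transfer, so the bank has to accept whichever transfer arrives with it. Binding the code to the recipient and amount (and, in a real deployment, displaying those same details to the customer before they confirm) is what makes an intercepted code useless for a different transfer.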
Conclusion
Operation Emmental is a complex operation that involves several components in order to defeat a particular online banking protection system used in several countries. The infrastructure required to pull the attack off is not inconsequential—the attackers need a Windows malware binary, a malicious Android app sporting various banks’ logos, a rogue DNS resolver server, a phishing Web server with several fake bank site pages, and a compromised C&C server.