Trend Micro Report: 'Operation Emmental' - Defeating Banking Security

Status
Not open for further replies.

Ink

Administrator
Thread author
Verified
Staff Member
Well-known
Jan 8, 2011
22,361
In our new report, Finding Holes: Operation Emmental, our researcher David Sancho demonstrates how attackers have been able to come up with a complex yet effective way to attack the latest security countermeasures that protect online banking. By leveraging the openness of the Android platform to install apps from third-party sites, attackers are able to marry traditional phishing attacks to get a user’s username and password with malicious mobile apps to get the session tokens sent to their mobile devices.

Our research shows that these attacks are focused on users in Austria, Switzerland, Sweden, other European countries and Japan. And indications are that those behind the attacks are most likely based in a Russian-speaking country.

But while these attacks may be limited in scope now, they bode ill for the future. Online banking malware is a significant problem already. This shows that even advanced security schemes are vulnerable now. This means that for online banking to be secure, it’s going to be on the industry to come up with a new countermove that meets this latest threat.

Meanwhile, the lesson for banks and their customers is clear: only install official mobile apps from official, trusted sources: Google Play and the Apple App Store. Additionally, banks should move to support transaction authentication in addition to user authentication.

Trend Micro Report: Finding Holes: Operation Emmental

Conclusion
Operation Emmental is a complex operation that involves several components in order to defeat a particular online banking protection system used in several countries. The infrastructure required to pull the attack off is not inconsequential—the attackers need a Windows malware binary, a malicious Android app sporting various banks’ logos, a rogue DNS resolver server, a phishing Web server with several fake bank site pages, and a compromised C&C server.
 

Moose

Level 22
Jun 14, 2011
2,271
A Linux Live CD seems to be the defeat against Banking Trojans! ;) That is, for Windows!
And what are you using to protect your phone apps from Banking Trojans and password attacks?
 

Ink

Administrator
Thread author
Verified
Staff Member
Well-known
Jan 8, 2011
22,361
Linux (any OS) is still susceptible to Phishing emails or fake webpages, so usernames and passwords can still be easily stolen.
 
Jul 24, 2014
1
Agreed, some security methods are vulnerable. Two-factor authentication is a solid security practice, but the techniques vary quite a bit. The OTP exploited by Emmental is obviously flawed because the hackers have redirected the OTP to themselves. An interactive second factor to authenticate the actual person, like a voice biometric or fingerprint, would have stopped some of the Emmental account hijacks. A phone call over the voice channel of the mobile phone repeating the actual transaction details, like “To send $5,000 to an account ending in Ivan666 do this… to cancel do that”, would catch the end user's attention if they were sending $50 to the electric company.
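
The distinction drawn in the first post (transaction authentication in addition to user authentication) and in the post above (a code that is tied to, and read out with, the actual transaction details) can be shown in a few lines. The following is an added example, not code from the Trend Micro report or from anyone in this thread; the HMAC-based code scheme, the shared secret, the account identifiers and the amounts are constructed assumptions, and it models only the code binding and the customer's out-of-band check, not the delivery channel itself.

```python
"""Why transaction authentication beats a plain session OTP.

Added example, not code from the Trend Micro report or from anyone in
this thread. The HMAC-based code scheme, the account identifiers, the
amounts and the shared secret are constructed assumptions.
"""
import hashlib
import hmac
from dataclasses import dataclass

CODE_DIGITS = 6


@dataclass(frozen=True)
class Transaction:
    amount_cents: int
    dest_account: str


def _truncate(mac: bytes) -> str:
    """Reduce an HMAC to a short decimal code (HOTP-style dynamic truncation)."""
    offset = mac[-1] & 0x0F
    num = int.from_bytes(mac[offset:offset + 4], "big") & 0x7FFFFFFF
    return f"{num % 10 ** CODE_DIGITS:0{CODE_DIGITS}d}"


def session_otp(secret: bytes, counter: int) -> str:
    """Plain session OTP: depends on secret and counter only, not on what it authorizes."""
    return _truncate(hmac.new(secret, counter.to_bytes(8, "big"), hashlib.sha256).digest())


def transaction_code(secret: bytes, counter: int, txn: Transaction) -> str:
    """Transaction code: additionally bound to amount and destination account."""
    msg = counter.to_bytes(8, "big") + f"{txn.amount_cents}|{txn.dest_account}".encode()
    return _truncate(hmac.new(secret, msg, hashlib.sha256).digest())


def verify_session_otp(secret: bytes, counter: int, txn: Transaction, code: str) -> bool:
    """Bank-side check for the weak scheme; txn is deliberately ignored."""
    return hmac.compare_digest(session_otp(secret, counter), code)


def verify_transaction_code(secret: bytes, counter: int, txn: Transaction, code: str) -> bool:
    """Bank-side check: the code only verifies for the transaction it was issued for."""
    return hmac.compare_digest(transaction_code(secret, counter, txn), code)


def confirmation_prompt(txn: Transaction) -> str:
    """Out-of-band text (e.g. read over a voice call) stating what the code authorizes."""
    return (f"To send ${txn.amount_cents / 100:,.2f} to the account ending in "
            f"{txn.dest_account[-7:]}, confirm; otherwise cancel.")


def customer_approves(intended: Transaction, presented: Transaction) -> bool:
    """The customer compares the spoken details with what they meant to send."""
    return intended == presented


def demo() -> dict:
    secret = b"constructed-shared-secret"   # constructed for this demo
    counter = 41
    intended = Transaction(5_000, "ELEC-UTILITY-00042")    # $50 to the electric company
    fraudulent = Transaction(500_000, "MULE-ACCT-Ivan666")  # $5,000 to a mule account

    # 1. Plain session OTP issued for the customer's $50 transfer and captured on
    #    the phone: it authorizes the $5,000 transfer just as well.
    otp = session_otp(secret, counter)
    otp_replayed = verify_session_otp(secret, counter, fraudulent, otp)

    # 2. Same replay against a transaction-bound code: rejected, because the
    #    code was computed over the $50 / electric-company details.
    bound = transaction_code(secret, counter, intended)
    bound_replayed = verify_transaction_code(secret, counter, fraudulent, bound)
    bound_legit = verify_transaction_code(secret, counter, intended, bound)

    # 3. The $5,000 transfer is submitted directly; the bank issues a code for
    #    it, but the confirmation read to the customer states the real details.
    prompt = confirmation_prompt(fraudulent)
    approved = customer_approves(intended, fraudulent)

    return {
        "plain_otp_replayed_ok": otp_replayed,
        "bound_code_replayed_ok": bound_replayed,
        "bound_code_legit_ok": bound_legit,
        "prompt": prompt,
        "customer_approved_fraud": approved,
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The two halves are complementary: binding the code to the amount and destination stops a captured code from being reused for a different transfer, and stating those same details to the customer over a channel the phone malware does not control gives them the chance to cancel a transfer they never meant to make.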
 
