Monday, October 5, 2009

BEBLOH steals your money and hides it from you

Friendly Computers gained information about a frightening new malware that can steal money from your bank account, and will re-write online banking pages to disguise these transactions. Read more below…

Trend Micro analysts have come across a new variant of the BEBLOH family of information stealers that goes well beyond the traditional tactic of logging keystrokes and sending them to another server for exploitation. Instead, this particular variant steals user information, uses it right away, and cleverly disguises the theft from users.

This particular variant, detected as TSPY_BEBLOH.AE, immediately connects to a command and control (C&C) server when it is executed. It downloads an encrypted configuration file from the said server, as seen below:

Figure 1. Captured traffic between affected system/C&C server

The configuration file contains key information, most importantly the name of the bank being targeted. If the user logs into the secure banking website of the target bank, their user name and PIN are both captured by the malware.

Instead of sending the account information to cybercriminals via e-mail or a website, however, it uses this to steal money from the account. If prompted by the central C&C server (which it contacts periodically), it transfers money from the user’s bank account to an account specified in the configuration file (the amount is also based on several parameters included in the said file; the values of these parameters are chosen to minimize the possibility of detection). Very good technical details can be read here.

Lastly, it also disguises its malicious transactions from the user. When the user attempts to view static pages that contain information such as remaining account balance(s), balance sheets, and previous transactions, the malware rewrites these pages on the fly, disguising any previous thefts from the user. Victims would not know they had been robbed unless they attempted to access the online banking site from an uninfected machine, or used separate facilities such as ATMs.
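The practical lesson of the last two paragraphs is that a statement rendered inside an infected browser cannot be trusted, and that the only reliable check is reconciliation against a copy obtained out of band (an uninfected machine, a paper statement, an ATM balance). The following added example, which is not code from the original post or from Trend Micro, shows that reconciliation over constructed statement data: an authoritative statement that contains the fraudulent transfer, and a browser-rendered view from which the transfer row has been removed and the balance inflated, as the text describes. All account references, amounts and memos are made up for the example.

```python
from dataclasses import dataclass
from decimal import Decimal


@dataclass(frozen=True)
class Txn:
    """One statement line. Negative amounts are debits."""
    ref: str
    amount: Decimal
    memo: str


# Constructed data: what the bank actually holds for the account.
OPENING_BALANCE = Decimal("3000.00")
AUTHORITATIVE = [
    Txn("TRX-0001", Decimal("2000.00"), "salary"),
    Txn("TRX-0002", Decimal("-45.50"), "groceries"),
    Txn("TRX-0003", Decimal("-120.00"), "utility bill"),
    Txn("TRX-0004", Decimal("-1250.00"), "transfer (constructed fraudulent entry)"),
]
AUTHORITATIVE_CLOSING = Decimal("3584.50")

# Constructed data: the same statement as rendered in an infected browser.
# The fraudulent row is gone and the closing balance has been raised to match,
# so the page still "adds up" on its own.
BROWSER_VIEW = [t for t in AUTHORITATIVE if t.ref != "TRX-0004"]
BROWSER_CLOSING = Decimal("4834.50")


def is_self_consistent(opening, txns, closing):
    """True when opening + sum(transactions) == closing.

    This is the only check possible from inside a single rendered page.
    A rewrite that removes a row and adjusts the balance passes it, which is
    exactly why in-page checks are not enough against this malware.
    """
    return opening + sum(t.amount for t in txns) == closing


def hidden_transactions(view, authoritative):
    """Rows present in the authoritative statement but missing from the view."""
    seen = {t.ref for t in view}
    return [t for t in authoritative if t.ref not in seen]


def balance_discrepancy(view_closing, authoritative_closing):
    """How much higher the rendered balance is than the real one."""
    return view_closing - authoritative_closing


def reconcile(view, view_closing, authoritative, authoritative_closing):
    """Out-of-band reconciliation: returns (hidden refs, total hidden amount, discrepancy)."""
    hidden = hidden_transactions(view, authoritative)
    hidden_total = sum((t.amount for t in hidden), Decimal("0"))
    return (
        [t.ref for t in hidden],
        hidden_total,
        balance_discrepancy(view_closing, authoritative_closing),
    )


if __name__ == "__main__":
    # Both views pass the in-page arithmetic check...
    print("browser view self-consistent:",
          is_self_consistent(OPENING_BALANCE, BROWSER_VIEW, BROWSER_CLOSING))
    print("authoritative self-consistent:",
          is_self_consistent(OPENING_BALANCE, AUTHORITATIVE, AUTHORITATIVE_CLOSING))
    # ...but comparing against the out-of-band copy exposes the theft.
    refs, total, delta = reconcile(BROWSER_VIEW, BROWSER_CLOSING,
                                   AUTHORITATIVE, AUTHORITATIVE_CLOSING)
    print("hidden transactions:", refs, "totalling", total)
    print("balance overstated by:", delta)
```

The point of `is_self_consistent` returning True for both statements is that a man-in-the-browser rewrite keeps the page arithmetically coherent; only `reconcile`, which needs a second copy of the statement from a channel the malware does not control, reveals the missing row and the overstated balance.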

Source: http://blog.trendmicro.com/cooked-balance-sheets-bebloh-style/