Evolved Banking Fraud Malware: Automatic Transfer Systems

Banks and other financial institutions have put in stricter controls in an attempt to minimize losses that phishing attacks cause. Cybercriminals have not taken this sitting down by producing a new tool to automate online banking fraud — automatic transfer systems (ATSs).

In the past, malware families like ZeuS and SpyEye used Webinject files to modify the websites of targeted organizations such as banks. A Webinject file is basically a text file with JavaScript and HTML code that contains the code the attacker wants to insert into the targeted websites.

With ATS, however, attackers have taken things to the next level. Instead of merely passively stealing information, ATSs allow cybercriminals to instantly carry out financial transactions that could deplete users’ bank accounts without their knowledge. No longer needing user intervention to key in user names and passwords, ATSs allow cybercriminals to automatically transfer funds from victims’ accounts to their own ones without leaving traces of their presence.

This research paper contains our preliminary research on ATSs. In the process of conducting research, we were able to find key aspects of ATS attacks, determine some known targets, and dig into the murky underground engaged in producing and selling ATSs.

Our full findings can be seen in the research paper, “Automating Online Banking Fraud,” which you may download by clicking the image below:

An infographic illustrating the ins and outs of this attack can be seen below: