Check Point and Versafe Uncover New Eurograbber Attack
December 2012 by Marc Jacob
Check Point Software Technologies Ltd. and Versafe, a private and independent vendor of online fraud prevention solutions, today published “A Case Study of Eurograbber: How 36 million was stolen via malware”. The case study uncovers a highly sophisticated attack used to steal €36+ Million from over 30,000 corporate and private banking customers of over 30 banks across Europe.
Eurograbber was launched against banking customers, using a sophisticated combination of malware directed at computers and mobile devices. The malware, in conjunction with the attackers’ command and control server, first infected the victims’ computers, and then, infected their mobile devices in order to intercept SMS messages to bypass the banks’ two-factor authentication process. With the stolen information and the transaction authentication number (TAN), the attackers then performed automatic transfers of funds, ranging between €500 and €250,000, from the victims’ accounts to mule accounts across Europe.
Key Findings:
• An estimated €36+ million has been stolen from more than 30,000 corporate and private bank accounts.
• The attacks originated in Italy, but quickly spread to Germany, Holland, and Spain.
• The theft involved a sophisticated combination of malware directed at computers and mobile devices of banking customers.
• A new and very successful iteration of a bot attack (the Zeus Trojan) was used in the widespread Eurograbber attack.
• Android and Blackberry mobile devices were specifically targeted, showing that attacks against Android devices are a growing trend.