Symantec researchers reported about the Trojan Silentbanker targeting more than 400 banks including the household names in the U.S. and other financial institutions in the world and hangs in the background to intercept transactions with two-factor authentication. This Trojan performs man-in-the-middle attacks on valid transactions and has the ability to intercept transactions that require two-factor authentication. Then silently change the user-entered destination bank account details to the attacker’s account details instead. Trojan ensures that the user does not notice this change by presenting the user with the details they expect to see, while all the time sending the bank the attacker’s details instead. And since the user doesn’t notice anything wrong with the transaction, they will enter the second authentication password, in effect handing over their money to the attackers. The Trojan intercepts all of this traffic before it is encrypted, so even if the transaction takes place over SSL the attack is still valid. Symantec notes that the Trojan adapts based on what it needs. It tries the easiest attack vector and then works up to the more difficult approaches. The Trojan can also download updates and other executables and it can use the infected machine as a proxy or as a Web server on any chosen port. For protection, please keep your antivirus definitions up to date and keep your eyes on the firewall.
