Security researchers from Trusteer have intercepted a Tatanga malware variant capable of bypassing the SMS based transaction authentication protection of German banks.
Here’s how it works:
The scam targets online banking customers of several German banks. When the victim logs on to the online banking application, Tatanga uses a MitB webinject that alleges the bank is performing a security check on their computer and ability to receive a Transaction Authorization Number (TAN) on their mobile device.In the background, Tatanga initiates a fraudulent money transfer to a mule account. It even checks the victim’s account balance, and will transfer funds from the account with the highest balance if there is more than one to choose from.
The victim is asked to enter the SMS-delivered TAN they receive from the bank into the fake web form, as a way to complete this security process. By entering the TAN in the injected HTML page the victim is in fact approving the fraudulent transaction originated by Tatanga against their account.
What’s particularly interesting about this Tatanga variant, is the fact that It doesn’t attempts to undermine the technology of SMS based transaction authentication, instead it attempts to undermine the process. Next to undermining the technology, the malware will also attempt to hide the fraudulent activity from the eyes of the infected victim, by modifying the account balance reports. (Read More)