“In recent times, to the laboratory of our team went a sample of malware attacker Polish users of electronic banking.” – write to your website by experts from CERT.
Read also: sinister flaw in Android. It can take over your SMS
Trojan Horse in the browser
The threat, which draws attention to CERT, the add-in (plugin) into your web browser Firefox, which replaces the bank account numbers. This add-on is installed without the user’s knowledge, and at the same time is completely ignored by antivirus programs.
How the browser can be infected? At the beginning you via P2P or file-sharing networks, gets on your computer installation file from one of the free programs such as Winamp, Corel PaintShop or PowerISO. They can also be drivers for your computer components or “zcrakowana” version of the popular game Minecraft.
The infected by cybercriminals installer, in addition to standard file placed on the victim’s computer application wget.exe and defines task for Windows. This task automatically run the wget.exe who gets infected and then installs the add-on to Mozilla Firefox. Plugin – like the popular Adblockery – monitors all data that pass through it. This means that it can hide from us the specific information or simply replace them.
Infected Firefox add-on is particularly dangerous for people using electronic banking. It allows for the substitution account number when making a transfer. What’s more, the victim of fraud does not even know that for such substitution occurred because the screen of her monitor appears correctly – pasted by it – the account number.
How to protect yourself against the threat?
The only way to check whether there has been any such substitution, is to verify the account number in the SMS with a confirmation code transfer. If the number is different from the one that we wrote, we can be sure that the victim of fraud. If this happens, immediately cancel the transfer.
It is worth noting that described by CERT issue affects users of older versions of Firefox. The latest version 43 introduced a certification for additives. This means that all allowances that are not certified addons.mozilla.org, are automatically blocked by the browser. We recommend so be sure to update Firefox to the latest version.
Analysts CERT point out that although in the case of this particular malware met only with the version of the plugin for Firefox, it does not rule out that there may also versions for Chrome .
Source: CERT
No comments:
Post a Comment