SpyEye banking malware learns to cover its tracks

SpyEye banking malware has added a new feature to its arsenal that takes advantage of "paperless" statements by hiding the fact that your bank account has been compromised.

The infamous SpyEye banking Trojan has a new trick up its sleeve: a feature that keeps fraud victims in the dark as it drains their banking accounts. According to PCWorld, by using a technique called HTML injection, banking customers are tricked into divulging account information. Once SpyEye accesses the account, it can now hide fraudulent transfers of money by displaying an inaccurate bank balance. In a blog post, security firm Trusteer explains:

... the malware hides ("replaces") the fraudulent transactions in the "view transactions" page, as well as artificially changing the total fraudulent transaction amount to balance the totals. As a result, the deceived customer has no idea that their account has been ‘taken over', nor that any fraudulent transactions have taken place.
Security News Daily notes that so far the Trojan is targeting victims in the United States and the UK. Of course, paper statements would reveal the thievery, but the push of many banks to go paperless could mean the crime would go undetected for months. Sophos' Naked Security blog offers two simple, but often over-looked, tips to protect against the new and improved SpyEye:

  1. Keep browsers and antivirus software up to date.
  2. Make sure your browser's anti-phishing feature is turned on.

Also see: