A new strain of financial malware is hijacking live chat sessions in a bid to hoodwink business banking customers into handing over their banking login credentials or into authorising fraudulent transactions.
The attack is being carried out using the Shylock malware platform*, using a configuration that runs a browser-based man-in-the-middle attack. The assault – which targets business banking customers rather than consumers – kicks in when a victim logs into their online banking application.
Sessions are suspended, supposedly to run security checks (on the pretext that the “system couldn’t identify your PC”), before a web-chat screen under the control of hackers is presented to victims.
Source: The Register