Bugat Joins The Mobile Revolution: BitMo Hijacking SMS-Borne OTPs
RSA researchers analyzing Bugat Trojan attacks have recently learned that Bugat's developers have developed and deployed a mobile malware component designed to hijack out-of-band authentication codes sent to bank customers via text message.

Bugat (aka Cridex) was discovered and sampled in the wild as early as August 2010. This privately-owned crimeware's earlier targets were business and corporate accounts, with its operators attempting high-value transactions ($100K-$200K USD per day) in both automated and manual fraud schemes.

It is very likely that Bugat's operators started seeing a diminished ability to target high-value accounts because of added authentication challenges (such as SMS-delivered one-time passcodes), forcing them to develop a malware component that many mainstream banking Trojans in the wild already use.

BitMo: A Little Late in the Game?

In somewhat tardy fashion, Bugat joins the lineup of banking malware that makes use of SMS-capturing mobile apps. The first occurrences of such malware were observed in use by Zeus and SpyEye Trojan variants, which were dubbed ZitMo and SPitMo respectively (Zeus-in-the-Mobile, SpyEye-in-the-Mobile). In mid-2012, RSA coined the name CitMo to denote the Citadel breed of in-the-Mobile activity. The fourth Trojan for which malicious apps were discovered was Carberp, in early 2013, and with this case Bugat becomes the most recent banking Trojan to have its own SMS-forwarding app, which RSA has dubbed BitMo.

Read the entire blog here

This article got me quoted by "American Banker" - read about it here

Speaking to CSO Online I got to shed more light on the subject. Read that piece here

CRN.com took an angle on this as well: read it here
