Bugat Joins The Mobile Revolution: BitMo Hijacking SMS-Borne OTPs
RSA researchers analyzing Bugat Trojan attacks have recently learned that Bugat’s developers managed to develop and deploy mobile malware designed to hijack out-of-band authentication codes sent to bank customers via text messages.
Bugat (aka: Cridex) was discovered and sampled in the wild as early as August 2010. This privately-owned crimeware’s earlier targets were business and corporate accounts, its operators attempting high-value transactions ($100K-$200K USD per day) in both automated and manual fraud schemes.
It is very likely that Bugat’s operators started seeing a diminished ability to target high-value accounts due to added authentication challenges, forcing them to resort to developing a malware component that is already used by many mainstream banking Trojans in the wild.
BitMo: A Little Late in the Game?
In somewhat tardy fashion, Bugat joins the lineup of banking malware that makes use of SMS-capturing mobile apps. The first occurrences of such malware were observed in use by Zeus and SpyEye Trojan variants, which were respectively dubbed ZitMo and SPitMo (Zeus-in-the-Mobile, SpyEye-in-the-Mobile). In mid-2012, RSA coined the name CitMo to denote the Citadel breed of in-the-Mobile activity. The fourth Trojan for which malicious apps were discovered was Carberp in early 2013, and with this case, Bugat is the most recent banking Trojan to have its own SMS-forwarding app, for which RSA coined the name BitMo.
Read the entire blog here
This article got me quoted by "American Banker" - read about it here
Speaking to CSO Online I got to shed more light on the subject. Read that piece here
CRN.com took an angle on this as well: read it here