'ATM-Zombie' malware stealing Israeli bank customers' money

Criminals have used the malware to steal hundreds of thousands of shekels in total from dozens of people in the last quarter of 2015 alone.

Shekel money bills (photo credit: REUTERS)
A piece of malware dubbed the ATM-Zombie has been stealing cash from customers at Israeli banks, according to cybersecurity firm Kaspersky Lab.
Criminals have used the malware to steal hundreds of thousands of shekels in total from dozens of people in the last quarter of 2015 alone, Kaspersky said, though it commended customer vigilance and quick reactions from banks for stopping the attack’s spread at a relatively early stage.
Kaspersky investigator Ido Naor found that users accidentally downloaded the malware through “spear phishing,” targeted emails that entice users to click a link that downloads the program.
Once downloaded, the malware inserted itself between people’s Internet browsers and the bank.
“If the victim has decided to connect his bank account, the characteristics in the browser will redirect the victim to the attacker’s server, which looks exactly as the bank’s server,” the report explained.
It would then steal their information, take over the account and transfer the money outside the country.
“In this case the attacker chose to take advantage of a legitimate feature that allows a money transfer via text message. The message is sent after filling out a form on the site, which contains the details of the recipient, his ID, the telephone number to which the transfer authorization is sent in a form of user code, amount, withdrawal date and other details. All that is needed now is to withdraw the money from the ATM,” the report explained.
An accomplice, whom Kaspersky called a zombie because he was working under the control of the original attacker outside the country, would take the cash from the ATM and transfer it to the main attacker via other means.
“It is important to note that financial institutions in Israel are known for their high abilities to defeat hostile activity, and they are backed up by cutting edge technological products,” Naor said. “However, in this case the criminals succeeded by targeting the end customer instead of the banks themselves. They took advantage of the weakest link. Luckily, the high capabilities of the defense systems of the banks also helped to stop the attack in its early stages.”