"Similar to the United States' Automated Clearing House (ACH) electronic payment system, which perpetrators of 'Operation High Roller' also abused earlier this year to commit fraud, SEPA streamlines fund transfer processes among European banks," writes SC Magazine's Danielle Walker.
"Since the infections are targeted and affect only a small number of customers, the malicious attempts are difficult to identify," writes Softpedia's Eduard Kovacs. "The attackers use a server located in Moscow, Russia, which hosts separate control panels for each of the targeted financial institutions."
"[McAfee] found the malware had the capability to hide security alerts, enable transactions to be searched and replaced according to how the bank processed SEPA transactions, as well as the capability to send SEPA transfers to mule accounts," writes Threatpost's Michael Mimoso. "Sherstobitoff said 61,000 Euros in attempted transactions were made to mule accounts from one of the targeted banks; some of the accounts had a standing balance of 50,000 Euros or more."