Trusteer researchers are warning of a new version of the Tatanga financial malware, which was first uncovered in May of last year.
"In the configuration file we captured, Tatanga notifies the online banking victim via a web browser injection that their bank is offering free insurance protection against online fraud," writes Trusteer's Ayelet Heyman. "The victim is then presented with a fake insurance account that claims to cover the total amount of funds in their bank account. This fake insurance account is actually a real bank account that belongs to a money mule. The victim is told that they will be protected against any losses from online fraud by this insurance coverage. In the final step, the victim is prompted to authorize a transaction that they believe is to activate the insurance coverage."
"In order to do this, they need to input the transaction authorization code sent by their bank to their mobile phone number," writes PCWorld's Lucian Constantin. "This code allows the malware to finalize the rogue transfer in the background and send the victim's money to the money mule ... The maximum sum that is transferred by the malware in a single transaction is €5,000 or about US $6,500."
"Oren Kedem, director of product marketing for Trusteer, says the new configuration of Tatanga, discovered last week, was initially aimed at customers of a specific bank in Spain, but he says the authors of it may be trying to spread it to customers of other banks," writes CIO.com's Taylor Armerding.
"Trusteer’s latest discovery is another indication that the cybercrime ecosystem isn’t short on creative and new techniques to optimize hosts that are already infected with malware," writes ZDNet's Dancho Danchev.