McAfee: Operation High Roller Now Targets German Banks


McAfee researchers recently uncovered a new malware campaign targeting Europe's Single Euro Payments Area (SEPA) payments system.

"Similar to the United States' Automated Clearing House (ACH) electronic payment system, which perpetrators of 'Operation High Roller' also abused earlier this year to commit fraud, SEPA streamlines fund transfer processes among European banks," writes SC Magazine's Danielle Walker.

"The latest attack targets the German banking industry with a targeted ATS [automated transfer system] designed with SEPA in mind," writes McAfee's Ryan Sherstobitoff. "The malicious 'webinjects' target two German banks with a specially crafted JavaScript payload deployed to about a dozen of their online banking customers that have SEPA as an option, keeping this attack very targeted in nature."

"Since the infections are targeted and affect only a small number of customers, the malicious attempts are difficult to identify," writes Softpedia's Eduard Kovacs. "The attackers use a server located in Moscow, Russia, which hosts separate control panels for each of the targeted financial institutions."

"[McAfee] found the malware had the capability to hide security alerts, enable transactions to be searched and replaced according to how the bank processed SEPA transactions, as well as the capability to send SEPA transfers to mule accounts," writes Threatpost's Michael Mimoso. "Sherstobitoff said 61,000 Euros in attempted transactions were made to mule accounts from one of the targeted banks; some of the accounts had a standing balance of 50,000 Euros or more."