Trusteer security researchers have uncovered a new version of the SpyEye Trojan that tries to trick victims into changing the phone numbers associated with their online banking accounts.
"Once a user logs into their online banking account from a computer infected with the new SpyEye variant, they receive an alert which appears to come from the bank and informs them of a new security requirement," writes Network World's Lucian Constantin. "The fake message claims that a unique telephone number will be assigned to the customer for fraud reduction purposes and asks them to confirm the procedure by inputting the code sent to their current phone."
"In the background the Trojan actually initiates a phone number change request, the SMS code received by the victim being the key to complete the process," Constantin writes. "Following a successful attack, the fraudsters gain the ability to transfer funds out of the account at will."
Go to "SpyEye steals banking codes by sending them to wrong phone" to read the details.
For regular security news updates, follow eSecurityPlanet on Twitter: @eSecurityP.