After intensive investigations into the heist, the IT security companies Check Point and Versafe announced on Thursday evening that the perpetrators had diverted debits from more than 30,000 accounts into their own pockets, in amounts of between 500 and 250,000 euros.
Bank accounts in Italy were plundered first. After that, bank customers in Germany, Spain and the Netherlands were also robbed. The malware used in the attacks was therefore named "Eurograbber". According to the expert report, those affected have since been informed. The security companies cooperated with the investigating authorities to prevent further attacks.
The attackers broke the mTAN procedure, which is supposed to provide additional security for online banking on a PC by sending a unique transaction number via SMS. The multi-stage attack began with the introduction of PC malware. At the customer's next online session with the bank, Eurograbber instructed the customer to enter his cell phone number into a form.
In the next step, the customer received an SMS requesting him to update the software on his mobile device. In doing so, he installed the smartphone Trojan, which was developed to intercept TAN codes from banks. Google's Android system and BlackBerry devices are affected. With the double infection, the perpetrators put themselves in a position to divert all further bank transactions.
The mTAN procedure has been in use for about six years and is considered more secure than the classic TAN procedure, in which bank customers enter a transaction number on a PC from a list sent by mail. An alternative security technology for online banking is HBCI, which uses a key generated by a chip card. The bank customer must insert this card into a card reader during a transaction. As a further development of HBCI, several banks and savings banks also support the FinTS (Financial Transaction Services) standard, which uses stronger encryption.