Menu
'Luuuk' banking malware may have stolen €500,000 in a week

'Luuuk' banking malware may have stolen €500,000 in a week

Kaspersky Lab says the professional criminal group behind the operation is very active

A European bank may have lost as much as €500,000 (US$682,000) in a week earlier this year, according to Kaspersky Lab, which analyzed data on a server used in attacks against online banking users in Italy and Turkey.

In a blog post Wednesday, the Russian security company didn't identify the bank or why it chose to reveal the possible theft six months later. The financial institution has been notified of the discovery, and Kaspersky said is in contact with law enforcement.

On Jan. 20, Kaspersky analysts discovered a command-and-control server for a piece of malware that executed so-called man-in-the-browser attacks on victims' computers. In that type of attack, malware intervenes during an online banking session and can manipulate or steal data.

Two days later, the fraudsters removed all of the "sensitive components" from the server, Kaspersky wrote. That indicates the cybercriminals may have known someone else was looking at it.

The fraud campaign was nicknamed "Luuuk" by Kaspersky after that name appeared in a file path of the server's administrator control panel. It appears the server managed the theft of funds from victims' accounts, automatically transferring the money to the accounts of "mules," or people who agree to receive the funds for a cut and transfer the bulk of the funds onward.

Server logs indicated that as much as €500,000 may have been transferred in a single week, wrote Kaspersky's Global Research and Analysis Team. The data indicated around 190 victims. Analysts also saw on the server descriptions of fraudulent transfers and the IBAN (international bank account number) numbers for victims and money mules.

Kaspersky hasn't seen a sample of the actual malware that was on victims' computers. But data on the server indicated it is similar in functionality to the infamous Zeus banking malware.

The Luuuk malware collected the logins and passwords of victims and one-time passcodes. Since one-time passcodes typically expire in a few minutes, this type of banking malware will use the code to quickly log into the victim's account.

The attackers checked the victim's balance and then conducted several fraudulent transactions automatically, likely "in the background of a legitimate banking session," the company wrote.

There are other indicators that the group is still very active, Kaspersky wrote, although it did not give further details.

Send news tips and comments to jeremy_kirk@idg.com. Follow me on Twitter: @jeremy_kirk


Follow Us

Join the New Zealand Reseller News newsletter!

Error: Please check your email address.

Tags securityExploits / vulnerabilitiesmalwarekaspersky lab

Featured

Slideshows

Tight lines as Hooked on Lenovo catches up at Great Barrier Island

Tight lines as Hooked on Lenovo catches up at Great Barrier Island

​Ingram Micro’s Hooked on Lenovo incentive programme recently rewarded 28 of New Zealand's top performing resellers with a full-on fishing trip at Great Barrier Island for the third year​ in a row.

Tight lines as Hooked on Lenovo catches up at Great Barrier Island
Inside the AWS Summit in Sydney

Inside the AWS Summit in Sydney

As the dust settles on the 2017 AWS Summit in Sydney, ARN looks back an action packed two-day event, covering global keynote presentations, 80 breakout sessions on the latest technology solutions, and channel focused tracks involving local cloud stories and insights.

Inside the AWS Summit in Sydney
Channel tees off on the North Shore as Ingram Micro hosts annual Cure Kids Charity golf day

Channel tees off on the North Shore as Ingram Micro hosts annual Cure Kids Charity golf day

Ingram Micro hosted its third annual Cure Kids Charity Golf Tournament at the North Shore Golf Club in Auckland. In total, 131 resellers, vendors and Ingram Micro suppliers enjoyed a round of golf consisting of challenges on each of the 18 sponsored holes, with Team Philips taking out the top honours.

Channel tees off on the North Shore as Ingram Micro hosts annual Cure Kids Charity golf day
Show Comments