A banking Trojan named URLZone (Finjan) exploits a hole in the major browsers on Windows machines to show victims a fake balance on their banking web site as it steals cash and sends it to the account of a money mule, according to Finjan researchers.
Victims will continue to see the fake balance in their accounts and not notice the theft until they obtain their balance at an ATM machine, check with a computer that is not infected or get an overdraft notification.
URLZone, which is loaded onto victims’ computers by malicious .pdf files or JavaScripts, exploits a vulnerability in Firefox and Opera as well as Internet Explorer 6, 7 and 8 browsers. It has been used to steal more than $400,000 from customers of German banks recently, according to Yuval Ben-Itzhak, Finjan chief technology officer.
Ben-Itzhak said “It’s a next generation bank Trojan. This is part of a new trend of more sophisticated Trojans designed to evade antifraud systems.”
Story here.