Be warned: your computer may be stealing your money

Cyber-security experts sound alarm over growing prevalence of sophisticated malware

Jerome Taylor
Tuesday 09 October 2012 22:35 BST

Your support helps us to tell the story

From reproductive rights to climate change to Big Tech, The Independent is on the ground when the story is developing. Whether it's investigating the financials of Elon Musk's pro-Trump PAC or producing our latest documentary, 'The A Word', which shines a light on the American women fighting for reproductive rights, we know how important it is to parse out the facts from the messaging.

At such a critical moment in US history, we need reporters on the ground. Your donation allows us to keep sending journalists to speak to both sides of the story.

The Independent is trusted by Americans across the entire political spectrum. And unlike many other quality news outlets, we choose not to lock Americans out of our reporting and analysis with paywalls. We believe quality journalism should be available to everyone, paid for by those who can afford it.

Your support makes all the difference.

Almost a third of all fraudulent banking transactions now originate from the customer's own computer, as cyber criminals use increasingly sophisticated malware to hijack accounts, online security specialists warned yesterday.

To combat the ever-present threat of online crime, financial institutions across Europe have developed multiple security mechanisms such as encrypted card readers and complex security questions when customers log on to their accounts.

But experts are warning that the latest software used by criminals to steal money from people's accounts is becoming so clever that it fools the bank into thinking that they are making a legitimate online transaction.

Cyber-security experts have described the latest remote administration tools used to hijack people's computers – often referred to by hackers as "rats" – as "blood chilling" in their complexity and efficiency. Analysts yesterday illustrated how the latest malware could infect an unwitting person's computer and quickly persuade the user to send over vital security data such as log-on details and passwords.

The example they used came from a Russian hacker who was recently arrested with more than £140,000 in his house.

Using the latest trojan viruses, hackers infect a computer and communicate with their victims by pretending to be their bank, asking them for personal data which then enables them to log into their accounts and move money around. Until recently, less sophisticated malware meant that those hackers who had gained en-ough log-in data would still have to try to access a stolen account from a computer that was not the customer's, which often alerts a bank's al-arm systems and prompts further security questions.

Now the latest software allows the hacker to remotely access an infected computer's bank account from the customer's own machine without them knowing.

"This is a new combination and very alarming from a cyber-security perspective," Uri Rivner, head of cyber strategy at BioCatch, said. "We are starting to see this more and more. When I talk to banks in Europe, about 30 per cent of the fraud is coming from [customer] computers, which explains the risk."

An executive at a Dutch bank confirmed that such attacks are becoming increasingly commonplace. "This is happening at the moment," he said. "This is the main concern for the banking sector right now."

The increasing sophistication of malware is a constant headache for banking groups, which want to keep customers' money safe but easily accessible. The latest kind of attack was just one of many new developments in the hacking world that were being discussed at the RSA Conference in central London, one of the largest global annual gatherings of information security specialists.

Many of those at the conference accused privacy campaigners of hindering the cyber-security industry's ability to protect against new threats because data-protection laws often stopped large-scale sharing of information.

Thank you for registering

Please refresh the page or navigate to another page on the site to be automatically logged inPlease refresh your browser to be logged in