Tag Archive for: transfers

Student finally gets bank refund following unauthorised transfers


Chong (left) meets Miss Tiong in Selangor to help in handling her complaint.

KUCHING (June 16): Democratic Action Party (DAP) Sarawak chairman Chong Chieng Jen has helped a Sarawakian student who is a victim of unauthorised and illegal internet bank transfers.

Chong said in a statement yesterday that, after almost five months of distress and anxiety, the student, who studies in Selangor and wanted to be known only as Miss Tiong, finally got her full refund of RM19,667.79 from her bank.

Chong said the girl had a savings account with Maybank Berhad.

“Sometime in January this year, Miss Tiong discovered that between Jan 8 and 17, there were 99 internet fund transfers from her savings account to some third-party accounts.

“All the transfers were carried out without her knowledge or authority. She also did not receive any OTP messages or notifications from the bank in respect of the said transfers. The total amount of the 99 internet transfers was RM19,667.79,” he said.

He added that Miss Tiong immediately lodged a police report and submitted a claim with the bank for the refund of the amount illegally transferred out from her account.

“Though the bank promised to investigate the matter within two months, she waited for months and yet there was no response. She subsequently sought help from me.

“Miss Tiong was under tremendous distress for months over her loss of RM19,667.79 which was money for her tertiary education.

“Yesterday (June 14), she finally received all the refunds of RM19,667.79 from Maybank.

“After weeks of public pressure on banks to refund their customers’ money illegally and unknowingly transferred from their customers’ accounts, and the directive issued by Bank Negara Malaysia to banks to compensate their customers for unauthorised transfers of funds, finally we see a positive outcome of this public outcry,” he said.

Chong, who is also Stampin MP and Padungan assemblyman, said this was the first case he had come across in recent months in which a bank has refunded its customers for the illegal and unauthorised transfer of funds.

“I am grateful that Maybank has acted positively and fairly in Miss Tiong’s case, though after some delay.

“I…


Malware resets Android devices after performing fraudulent wire transfers


If your Android phone initiates a factory reset out of the blue, there’s a chance it has been infected with the BRATA banking malware and you’ve just been ripped off.


The unusual functionality serves as a kill switch for the trojan, Cleafy researchers have explained, while also making the victim lose time trying to find out what happened as crooks siphon money out of their account.

European users under attack

First documented by Kaspersky researchers in 2019, BRATA was a RAT targeting Android users in Brazil. It was able to capture and send the user’s screen output in real time, log keystrokes, retrieve device information, turn off the screen to give the impression that the device has been turned off, and more.

Through the years, BRATA evolved primarily into banking malware and has lately been aimed against Android users in Europe and the rest of Latin America. (Cleafy researchers hypothesize that the group responsible for maintaining the BRATA codebase is probably located in the LATAM area and is reselling this malware to other local groups.)

The trojan has been spotted targeting customers of several Italian banks in H2 2021.

“The attack chain usually starts with a fake SMS containing a link to a website. The SMS seems to come from the bank (the so-called spoofing scam), and it tries to convince the victim to download an anti-spam app, with the promise to be contacted soon by a bank operator. In some cases, the link redirects the victim to a phishing page that looks like the bank’s, and it is used to steal credentials and other relevant information (e.g. fiscal code and security questions),” the researchers shared last December.

Victims are persuaded by the fraud operators to install the app, which gives the latter control of the device and access to the 2FA code sent by the bank, allowing them to perform fraudulent transactions.

Since then, several variants of the malware posing as a variety of security apps have been targeting users of banks and financial institutions in the UK, Poland, Italy, and LATAM.

BRATA’s new capabilities

These “European” variants have gained interesting capabilities such as establishing multiple communication channels (HTTP and…


Ursnif Leverages Cerberus Android Malware to Automate Fraudulent Bank Transfers in Italy


Contributed to this research: Segev Fogel, Amir Gendler and Nethanella Messer.

 

IBM Trusteer researchers continually monitor the evolution and attack tactics in the banking sector. In a recent analysis, our team found that an Ursnif (aka Gozi) banking Trojan variant is being used in the wild to target online banking users in Italy with mobile malware. Aside from the Ursnif infection on the victim’s desktop, the malware tricks victims into fetching a mobile app from a fake Google Play page and infects their mobile device with the Cerberus Android malware.

 

The Cerberus malware component of the attack is used by Ursnif’s operators to receive two-factor authentication codes sent by banks to their users when account updates and money transfer transactions are being confirmed in real-time. Cerberus also possesses other features and can enable the attacker to obtain the lock-screen code and remotely control the device.

 

Cerberus is an overlay-type mobile malware that emerged in mid-2019 but initially lacked advanced capabilities. It has evolved over time to eventually feature the ability to hijack SMS content and control devices remotely, alongside other sophisticated data theft features. Cerberus was peddled in the underground as commodity malware until the summer of 2020, taking over the market share of Anubis, a previous pay-per-use malware.

 

In September 2020, Cerberus’ development team decided to disband, spurring an auction attempt that aimed to sell off the source code to the highest bidder, starting at $100,000. The code did not sell but was instead shared with the malware’s customer base, which meant it was publicly leaked. That intentional release of the source code gave rise to numerous malware campaigns involving Cerberus and likely also led to this combined attack with the Ursnif banking Trojan.

A Combination Attack From Desktop to Smartphone

Ursnif is a very long-standing staple in the cybercrime arena, possibly the oldest banking Trojan that’s still active today. Recent campaigns featuring this malware have been most notable in Italy, where it is typically delivered to business email recipients in attachments that…


Business email scams have led to $2.3 billion losses via rogue wire transfers

Over the past two and a half years, cybercriminals have managed to steal over $2.3 billion from thousands of companies worldwide by using little more than carefully crafted scam emails.

Known as business email compromise (BEC), CEO fraud or whaling, this type of attack involves criminals impersonating an organization’s chief executive officer, or some other high-ranking manager, and instructing employees via email to initiate rogue wire transfers.

According to an alert issued earlier this week by the FBI, between October 2013 and February 2016, 17,642 organizations from the U.S. and 79 other countries have fallen victim to BEC attacks. The combined losses amount to over $2.3 billion, the agency said.


Network World Security