Security Market Segment LS
Friday, 21 November 2014 17:34

Yummba puts online banking credentials (and your money) at risk


A major cloud company has warned of a new set of tools being used to commit bank fraud.

Akamai's Prolexic Security Engineering and Response Team (PLXsert) has detected a new set of webinject tools used in conjunction with the Zeus malware to steal online banking credentials and perform fraudulent funds transfers.

"PLXsert has identified more than 100 financial institutions for which active webinjects are available in the wild. Most are mid-size and large financial institutions in North America and Europe," said Akamai security business unit senior vice president and general manager Stuart Scholly.

Webinjects - the insertion of custom elements into web pages - are nothing new. They are often used by malware to collect and exfiltrate credentials for banking and other websites.

The Yummba webinjects - the name is that of the (apparently Russian) individual or group behind the code - work with the Zeus malware kit and the Automatic Transfer System (ATSEngine) to collect banking usernames and passwords, card and CVV numbers, expiry dates, and other sensitive information such as dates of birth.

This may be done under the guise of an "additional authorisation process" or similar, with each webinject customised to match the look and feel of the relevant organisation's real website.

Where online banking credentials have been obtained or a legitimate session established, the malware may immediately transfer funds from the victim's account.

The PLXsert report [registration required] suggests the first line of defence is user awareness. Learning to recognise suspicious emails ("Red flags are generic salutations, grammatical errors in URLs, unexpected attachments, and attachments sent from unknown entities") helps prevent the Zeus malware from reaching a computer in the first place.

Endpoint security software can help, but PLXsert warns "there may be very low levels of detection for some threats."

At the network level, deep packet inspection and the blacklisting of illegitimate URLs provides some protection.

"PLXsert anticipates the underground crimeware ecosystem will continue to produce new and more powerful tools like Yummba webinjects to take advantage of the massive number of exploited devices on the Internet," said Akamai.

Image: EFF-Graphics [CC BY 3.0] via Wikimedia Commons


26-27 February 2020 | Hilton Brisbane

Connecting the region’s leading data analytics professionals to drive and inspire your future strategy

Leading the data analytics division has never been easy, but now the challenge is on to remain ahead of the competition and reap the massive rewards as a strategic executive.

Do you want to leverage data governance as an enabler?Are you working at driving AI/ML implementation?

Want to stay abreast of data privacy and AI ethics requirements? Are you working hard to push predictive analytics to the limits?

With so much to keep on top of in such a rapidly changing technology space, collaboration is key to success. You don't need to struggle alone, network and share your struggles as well as your tips for success at CDAO Brisbane.

Discover how your peers have tackled the very same issues you face daily. Network with over 140 of your peers and hear from the leading professionals in your industry. Leverage this community of data and analytics enthusiasts to advance your strategy to the next level.

Download the Agenda to find out more


Stephen Withers

joomla visitors

Stephen Withers is one of Australia¹s most experienced IT journalists, having begun his career in the days of 8-bit 'microcomputers'. He covers the gamut from gadgets to enterprise systems. In previous lives he has been an academic, a systems programmer, an IT support manager, and an online services manager. Stephen holds an honours degree in Management Sciences and a PhD in Industrial and Business Studies.



Recent Comments