A trojan horse virus that creates false bank statements to fool you, after stealing your money has been detected.
Called the SpyEye ‘trojan horse’ the software not only steals your money but when you visit your online bank, there will be no trace of the transactions that the cyber-criminals have undertaken to steal your money.
It’s only when your bank starts chasing you because of an overdraft or your credit card is rejected that you will realise you have been hit. Trusteer, the security company which detected the attack, says, ‘The next time the victim visits their online banking site, the malware hides the fraudulent transactions, as well as artificially changing the total balance.’
The attack – on Windows PCs – has already been detected in the U.S. and the UK.
The software – which steals your bank passwords to give access to your account – waits for you to enter the same banking details before ‘adjusting’ what you see.
The Daily Mail in the UK claims that the idea is that it gives thieves more time to use your debit card details on fraudulent transactions without you realising it’s happening.
‘SpyEye is a tweak of the Zeus crimeware kit that grabs web form data within browsers,’ says the Naked Security blog at web security experts Sophos. ‘This year, right before the recent holiday season, Trusteer found a hopped-up version of SpyEye attacking banks in the U.S. and U.K.
‘The new Trojan, instead of intercepting or diverting email messages, hides bogus transactions even after users have logged out and then logged back into their accounts.’
‘This version of SpyEye both hides the fraudulent transaction and masks the amount of the transaction, putting forward a fake balance and ensuring that victims are oblivious to anything being amiss.’