Some bank heists need more than one crook to do the job, and the same is true in the world of online robbery, as a new and intricately structured banking Trojan demonstrates.
Dubbed the "Mousetrap Trojan" by the security firm Bitdefender, the artillery kicks off its campaign by injecting Java applets into websites; when victims visit these sites and click on a prompt provided by what looks like a real version of Adobe Flash Player, the Trojan, called "Trojan.Downloader.Java.OpenConnection.BA," embeds itself by adding rogue code to the Web pages.
The original bad applet then downloads and installs a second piece of malware on the victim's computer, Bitdefender said. This second Trojan saves itself in a writeable location on the computer under the name "Temp_flash_file.phx." As it creates a shortcut ensuring it will run every time the system starts up, the rigged file then downloads and installs a list of "a dozen available links that lead to different banker Trojans."
[Swimsuit Supermodel Carries Trojan for Mac Users]
What does this technical talk mean to you and your money?
These dozen banking Trojan links all have the same goal — your bank account login — and the same method of getting it, by presenting fake login screens that mimic your bank's website, intercepting your credentials and feeding them to a remote server.
Unlike a real-life bank robbery, the crooks in this case are invisible, and so is their getaway car.
"Once on the system, the banker updates itself by downloading newer versions from a second list of links," Bitdefender explained. "The updates hide out in different locations so that if one is detected, the rest can still be accessed."
After the Trojan sets the cybercrime scheme in motion, it deletes itself from the victim's system, covering its tracks and making it difficult to trace it back to its creators.
Some proactive steps to protect yourself from this and other online banking Trojans : make sure your anti-virus software is current, never enter your bank account login credentials on a page you've been redirected to, or one that looks different than your actual bank's site. Most online banking Web pages are configured with HTTPS encryption, ensuring your transactions are secure. Look for the "HTTPS" highlighted in green in the URL before you enter type any sensitive information. Also, regularly monitor your bank account for any suspicious transactions.
