Online Banking Users Warned About New Threat

A new malicious Trojan called Neverquest is designed to steals usernames and passwords to online bank accounts, says Kaspersky.



A new malicious programme targeted at attacking online banking users is quickly spreading across the world, cybercrime expert Kaspersky Lab has warned.

The company has recorded several thousand attempts to infect computers used for online banking by the Neverquest Trojan, which its creators claim can attack “any bank in any country”.

The Trojan banker supports “every possible trick” used to bypass online banking security systems: web injection, remote system access and social engineering, said Kaspersky.

“A sharp rise in the number of attacks involving Neverquest can be expected, resulting in financial losses for users all over the world,” it added.

Neverquest steals usernames and passwords to bank accounts as well as all the data entered by the user into the modified pages of a banking website.

After gaining access to a user’s account, cybercriminals conduct transactions and wire money from the user to their own accounts or – to prevent the trail from leading directly to them – to the accounts of other victims, explained Kaspersky.

The programme has also developed special scripts for Internet Explorer and Firefox to facilitate these thefts. This gives the malware control of the browser connection with the cybercriminal’s command server when visiting the sites on its target list, including those that belong to large international banks from Germany, Italy Turkey and India, as well as payment systems.

“Another function helps the malicious users replenish their list of targeted banks and develop code to be seeded on new websites that were previously not on the target list,” Kaspersky said.

Neverquest’s top target appears to be an investment fund, since cybercriminals can not only transfer cash funds to their own accounts but also play the stock market, using the accounts and the money of the victims, the company added.

Sergey Golovanov, principal security researcher, Kaspersky Lab, said: “After wrapping up several criminal cases associated with the creation and proliferation of malware used to steal bank website data, a few ‘holes’ appeared on the black market.

“New malicious users are trying to fill these with new technologies and ideas. Neverquest is just one of the threats aiming to take over the leading positions previously held by programs like ZeuS and Carberp.”

Kaspersky also warned consumers that protection against such threats requires more than just standard antivirus – users need a solution that must be able to control a running browser process and prevent any manipulation by other applications.

Cyber security is a looming concern in the Middle East – a recent study by information security specialists Gulf Business Machines revealed that more than 65 per cent of IT experts in the GCC believe that the region is a prime target for cyber criminals.