Internet thieves are targeting JP Morgan Chase & Co. customers in an email “phishing” attack. It’s different from other email fraud campaigns in that it tries to collect information from JP Morgan while simultaneously infecting PC’s with a virus that steals passwords from other businesses.
The criminal operation, named “Smash and Grab,” was launched last Tuesday (08/19). It sends an email that advised recipients to click to view a secure message from JP Morgan, according to researchers with Proofpoint Inc.
According to Trish Wexler, Chase representative, the bank believes most of the malevolent emails were stopped by filters at large Internet providers. She also said the emails looked credible because the hackers seemed to use a screen grab from a verified email sent by the JP Morgan.
Users who click on a link are urged to enter usernames and passwords for account access. Even if they don’t follow orders, the site tries to install the Dyre banking Trojan on their computers. Dyre, or Dyreza, is a recently exposed malware that searches for sensitive information from Bank of America Corp, Citigroup and the Royal bank of Scotland Group Plc.
Phishme reported that the malware bypasses SSL protections with the browser while stealing credentials. A CSIS Security group spokesperson added,
“The group behind Dyreza has implemented their own money mule panel which indicates that they intend to provide this as a crime-as-a-service solution or is a full circle in-house crime gang.”
Senior Phishme researcher Ronnie Takazowski pointed out that,
“When analyzing tools, tactics, and procedures for different malware campaigns, we normally don’t see huge changes on the attackers’ part. However, in the Dropbox campaign we have been following, not only have the attackers shifted to a new delivery domain, but they have started to use a new malware strain, previously undocumented by the industry.”
Researchers fear that since Dyreza doesn’t implement advanced data encryption or file name randomization like the notorious Zeus malware, it’s only in its beginning stages.
Comment Template