Computerworld

Automated online banking fraud tool emerges

Automatic transfer system (ATS) tool can be used with SpyEye malware to infect computers and bypass bank security measures, says security expert

Trend Micro has warned of an automatic transfer system (ATS) tool which has been used to infect users’ computers and then bypass their bank account security measures, such as two-factor authentication, in the UK, Germany and Italy.

Victims have their computers infected by the ATS via emails with links to malware attachments or through downloads from compromised legitimate websites, according to Trend Micro US senior threat researcher, Loucif Kharouni.

The ATS is activated during the victim's online banking session and will automatically conduct a wire transfer of customer’s funds to another account within the same bank without detection. In addition, the ATS modifies account transactions to hide traces of its presence.

According to Kharouni, the ATS tool currently only infects PCs running Windows that are used to access bank records.

While the security vendor has not found any instances of Australian banks being targeted as yet, Trend Micro Australia and New Zealand director of enterprise products, Glyn Stokes, warned that bank customers needed to manage their security.

“Actions such as creating complex passwords, having a vigilant attitude, and using the latest security software will help to prevent online banking crime,” he said in a statement.

Computerworld Australia has contacted Australian banks for comment.

Follow Hamish Barwick on Twitter: @HamishBarwick

Follow Computerworld Australia on Twitter: @ComputerworldAU