Twitter Topic Text from https://twitter.com/#!/e_kaspersky
Text from SECURELIST by:
Kaspersky Lab Expert
Posted May 21, 14:10 GMT
Malware now can spy using web camera. Who still has their cameras unblocked?
It seems that development of the main module of SpyEye stopped with last autumn’s version 1.3.48. But just because the authors are not developing this platform further, it doesn’t mean that SpyEye is no longer getting new functions.
This is not the first time that cybercriminals using online banks have tried to get video and audio footage of victims. My colleague Dmitry Bestuzhev recalls a case when a malicious program targeting clients of an Ecuadorian bank also had functionality to record video and audio footage on the infected computer and to send it to intruders.
This too was not related to optical client recognition - the Ecuadorian bank had no such feature implemented.
It all begs the question – why film your victim? Apparently, cybercriminals watch the user’s reaction when the theft is in process. As usual, money is stolen in the following way: the user types his/her login data into the bank site, but the code of the bank’s page is modified by malware directly in the browser and after authorization the user doesn’t see the bank account but the malware creates a window with a message saying, for example, “Loading... Please wait...”. At the same time, injected malicious code prepares to send the stolen money to an accomplice’s bank account.
Once that’s done, in order to confirm the transaction, cybercriminals have to persuade the user to enter a secret code, which could be received by SMS. This is when social engineering is used: the intruder’s program puts a request on the victim’s screen, something like: “We have strengthened security measures. Please confirm your identity entering the secret code we have sent to your phone.”
Very interesting, learn more:
Via Gust MEES