Strides in the dubious art of malware crafting have targeted owners of Apple iPads and Android-powered tablets in the past year. A newly announced strain, however, is sticking to its PC roots and targeting the populist Windows platform with a particularly nasty bug that has nudged German law enforcement into issuing a general warning to its web-surfing citizens.
Krebs on Security detailed the statement from the German Federal Criminal Police (the Bundeskriminalamt, or the more pronounceable BKA) that outlined the overall scheme perpetrated by the new malware (which doesn’t actually sound that new).
According to the site’s translation of the warning, Windows users who maintain their bank statements online and are infected by the malware receive a message purporting to be from their bank that details an imaginary crediting error that can easily be fixed with a few clicks of their mouse. By acquiescing, users deposit money into a criminal’s pre-made account.
Krebs described the ploy in further detail:
When the unwitting user views his account balance, the malware modifies the amounts displayed in his browser; it appears that he has recently received a large transfer into his account. The victim is told to immediately make a transfer to return the funds and unlock his account. The malicious software presents an already filled-in online transfer form — with the account and routing numbers for a bank account the attacker controls.