Switch, the computer emergency response team for Swiss universities, and Trend Micro, a computer security firm, issued reports on Tuesday about the hacking that is also aimed at bank clients in Austria, Japan and Sweden.
The criminal activity involves sophisticated “malware” known as Retefe, which bypasses online banking systems that use a two-stage authentication process for customers to gain access to accounts.
The two-stage system requires a password and a second password that is emailed or texted to mobile phones.
The security experts found that hackers are sending emails to online bank users that show the letterheads of online retailers and have attachments.
Clients opening the attachments download the malware which directs users to a fake site managed by criminals when they try to access a legitimate bank site.
The fake sites asked the clients to enter their account details, password and personal identification number (PIN).
The hackers also prompted users to download an Android mobile application supposedly providing security but actually allowing the criminals to access victims’ accounts.
Money has been pilfered from accounts but the extent of the losses is not clear.
The identity of the banks — 34 banking sites were implicated — was also not disclosed in the reports.
Trend Micro has tracked the hacking to Romania but it said the culprits are “most likely Russian speakers” who use “shady Russian cyber-criminal underground market services”.
The company said it believed the criminals have been active since 2011.
Story continues below…
Switch said that antivirus programs from Android offer good protection against the malware scammers “but unfortunately few people still use such software on their smartphones”.
Trend Micro said it has contacted banks “so they could take appropriate measures to protect their clients”.
It recommends that they use more “advanced defences” against malware and “phishing”, the sending of emails to illegally obtain confidential information.
For more information on the Trend Micro report, click here.
Details of the Switch are available (in German) here.