mTAN fraud relies on conventional Trojans


In the last couple of days, a fraud has come to light in which mTAN-protected online banking accounts (also known as smsTAN or mobileTAN) have been plundered.

The attacks on the mTAN process are not new and operate as follows:

First the PCs of potential victims are infected with conventional banking Trojans. The online banking access data is stolen and transferred to the attackers, who then cherry-pick banking customers with high account balances.

Once such have been identified, the attackers use other functions in the malware to check the hard disk of the infected computer for personal data such as addresses and (mobile) phone numbers– e.g. in letters or emails.

The attackers then try to order a new SIM card for the owner of the infected computer and have it delivered to themselves. In the current wave, the attackers pretend to be a mobile phone shop ordering a new SIM card at the request of a supposed customer.

Once they have received the SIM card, the attackers intercept all mTANs and can then carry out malicious transactions and steal money at will. G DATA customers are not affected by these attacks. The attackers use banking Trojans to carry out their scam. G DATA BankGuard technology offers proactive protection against banking Trojans.