McAfee and Guardian Analytics released a report on the spread of a new type of computer fraud aimed at stealing money. Operation High Roller is the name that the two companies were assigned to one of the most advanced so far discovered, used to steal money from accounts Current online in a fully automated Mode by using server-side components. One of the first attack was made against an Italian bank.
Unlike the techniques used in the past with Zeus and SpyEye, Operation High Roller does not require any manual intervention. The authors of the fraud also have a thorough knowledge of the banking system, most likely due to information obtained from infiltrators.
The sophisticated techniques used allow tocircumvent even the physical authentication “chip and pin” , as well as the classical online procedure that provides the user name / password to log in and use of a token.
The criminal organization has enabled more than 60 servers around the world, which were opened on the so-called ” mule accounts “, false accounts, or used as a target of theft of money from online bank accounts. In the case of the Italian bank (not further identified in the report).
For example, an attack was made by a malware that injects HTML and JavaScript in your browser, creating a false form where the user enters the login credentials. The transaction towards the mules takes place in a completely automatic way.
McAfee and Guardian Analytics found that the targets of these frauds are mostly depositors with a high sum of money in the account (between 250,000 and 500,000 euros in Italy), or individual companies and professionals with “samples” of up to 100,000 euros (130,000 U.S. dollars ).
According to estimates of the researchers, the criminals have tried to transfer a value of at least 60 million euros from the accounts of over 60 financial institutions. If all fraud attempts were successful, the total figure would be even greater than the 2 billion euros.