Financial News

  • 26 June 2014, 9:32

Hackers Steal Thousands From Bank Customers

A trojan attack on an unnamed European bank has seen ?500,000 (401,000) stolen from 190 victims - before the criminals responsible removed "every shred of evidence" that could trace them.

Customers lost between ?1,700 (1,362) and ?39,000 (31,269) each during a one-week period.

Two days later, "every shred of evidence" that could have been used to track down those responsible was automatically erased by the software.

The bank in question has not been named, although most of the customers affected are located in Italy and Turkey.

The hacking campaign was identified and revealed by security firm Kaspersky Labs.

The command and control server used in the attack was discovered on January 20, but its existence has only just been revealed.

Kaspersky Labs said in a statement: "The server's control panel indicated evidence of a trojan program used to steal money from clients' bank accounts at least one week old when it was discovered, having started no later than January 13."

The company contacted the bank's security service and the police after discovering the malware, dubbed Luuuk.

The crime gang behind the hack apparently spread the stolen money between several dummy accounts using deposits of varying sizes.

Kaspersky Labs added: "These differences in the amount of money entrusted to different drops may be indicative of varying levels of trust for each 'drop' type.

"We know that members of these schemes often cheat their partners in crime and abscond with the money they were supposed to cash.

"The criminals may be trying to hedge against these losses by setting up different groups with different levels of trust: the more money a 'drop' is asked to handle, the more he is trusted."

Advertisement