Akamai Technologies' Prolexic Security Engineering & Response Team (PLXsert), a new cybersecurity threat advisory has issued an alert to banks and enterprises on security treats arising from the availability 'Yummba webinject' crime kit targeting the banking sector. The full advisory is available for download at www.stateoftheinternet.com/yummba.
Akamai's PLXsert noted that Zeus crimeware has a history of being used to control compromised hosts (zombies) for many types of cybercrime, including the harvesting of banking credentials, building botnets for distributed denial of service (DDoS) attacks, and targeting platform-as-a-service (PaaS) and software-as-a-service (SaaS) infrastructures. Webinject attacks available for sale in the wild vary in sophistication from simple attacks that report account information and credential theft to highly advanced webinjects that utilise ATSEngine for automated fund transfers to attacker-controlled accounts, added the advisory body.
According to Akamai's PLXert Yummba webinject is customised to match the look-and-feel of a website of a specific financial institution to fool the user into entering banking credentials. What’s more, the Yummba webinjects work with the malicious Automatic Transfer System (ATSEngine), streamlining the process of wiring a victim’s funds to a third-party account. As a result, a malicious actor using Yummba webinjects can inject dynamic content into a web display when a customer visits an online banking site, steal information from the user’s session, and immediately and automatically transfer funds out of the victim’s accounts.
PLXsert anticipates the underground crimeware ecosystem will continue to produce new and more powerful tools like Yummba webinjects to take advantage of the massive number of exploited devices on the Internet.
Slim Souissi, President and Chief Operating Officer of Novatel WirelessStuart Scholly, senior vice president and general manager, Security Business Unit, Akamai
PLXsert has identified more than 100 financial institutions for which active webinjects are available in the wild. Most are mid-size and large financial institutions in North America and Europe. Preventing these attacks requires user education, improved security and system hardening, and international cooperation and community cleanup.
