Bank Trojan Uses New Tricks to Hijack Account Info

Paul Lilly

There's a new piece of malware making the rounds, one that could get more dangerous with time. It's a Trojan called "OddJob," and eastern European cybercriminals are using it to steal from online bank accounts in the U.S., ComputerWorld reports. That in and of itself isn't anything new, but according to Amit Klein, chief technology officer at security firm Trusteer, the way it hijacks account information is different from most other malware.

OddJob is designed to steal session ID tokens, which allows hackers to hijack a user's online banking session in real time rather than logging into the account at a later time. The tokens are issued by a bank to identify a user's session, and by stealing the tokens and embedding them into their own browsers, hackers gain unfettered access to the victim's account, even while the unknowing victim is still active.

"The malware essentially allows the fraudster to share the session with the victim so that any activity the victim can see, the fraudster can see as well," Klein said.

After the user logs out, OddJob keeps the hacker logged in.

"The fraudster has a keen interest in the session not being terminated. So in order to avoid that, the malware has the ability to detect logout attempts and to discard them," Klein added.

Klein also said he thinks OddJob is a work in progress and will only get more sophisticated in time.
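On the bank's side, the shared session Klein describes appears as one session token presented by two different clients at the same time. The following is an added example (not from the article or from Trusteer) that flags that pattern in web access records; the record layout, the five-minute window and the sample lines are assumptions constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample records: (timestamp, session_id, client_ip, user_agent).
# IP addresses come from the reserved documentation ranges.
SAMPLE_LOG = [
    ("2024-01-15T10:00:05", "sess-A", "198.51.100.7", "Firefox/3.6"),
    ("2024-01-15T10:01:10", "sess-A", "198.51.100.7", "Firefox/3.6"),
    ("2024-01-15T10:01:40", "sess-A", "203.0.113.44", "Chrome/9.0"),
    ("2024-01-15T10:02:30", "sess-A", "198.51.100.7", "Firefox/3.6"),
    ("2024-01-15T10:20:00", "sess-A", "203.0.113.44", "Chrome/9.0"),
    ("2024-01-15T10:00:00", "sess-B", "198.51.100.9", "Firefox/3.6"),
    ("2024-01-15T10:03:00", "sess-B", "198.51.100.9", "Firefox/3.6"),
    # Same token from a new address hours later: not concurrent use.
    ("2024-01-15T08:00:00", "sess-C", "192.0.2.10", "Safari/5.0"),
    ("2024-01-15T10:30:00", "sess-C", "192.0.2.99", "Safari/5.0"),
]

WINDOW = timedelta(minutes=5)  # assumed threshold for "at the same time"


def parse(records):
    """Yield (time, session_id, client_fingerprint) from raw records."""
    for ts, sid, ip, ua in records:
        yield datetime.fromisoformat(ts), sid, (ip, ua)


def find_shared_sessions(records, window=WINDOW):
    """Report sessions whose token was used by 2+ clients within `window`."""
    first_client = {}              # sid -> client that first presented the token
    last_seen = defaultdict(dict)  # sid -> {client: time of its latest request}
    joined = defaultdict(set)      # sid -> clients seen using it concurrently
    for ts, sid, client in sorted(parse(records)):
        first_client.setdefault(sid, client)
        for other, other_ts in last_seen[sid].items():
            if other != client and ts - other_ts <= window:
                joined[sid].update({client, other})
        last_seen[sid][client] = ts
    return {
        sid: {"first": first_client[sid],
              "others": sorted(clients - {first_client[sid]})}
        for sid, clients in joined.items()
    }


if __name__ == "__main__":
    for sid, hit in find_shared_sessions(SAMPLE_LOG).items():
        print(sid, "opened by", hit["first"], "also used by", hit["others"])
```

A client that changes networks mid-session can also match, so a hit is a signal to force re-authentication rather than proof of fraud.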
