The added advantage for the criminals is that it effectively circumvents both two-factor authentication and machine identification protections.

IBM Security Trusteer, which called it a ‘virtual mugging’ tool, analysed it and has released a report detailing it.

KL-Remote is distributed by embedding it with other malware and comes preloaded with a list of targeted banking URLs.

KL-Remote ‘virtual mugging’ bank fraud toolkit bypasses 2-Factor Authentication and Device Identification

By pushing the “Start phishing” button, the criminal causes a message to appear on the victim’s screen.

The tool contains separate messages for each of the targeted banks.

Each message is customized to the bank’s website login/authentication process and copies its look and feel.

IBM recommends users and financial institutions take the following steps to protect themselves:

toolkit takes a snapshot of the original website the victim was viewing and presents it as an image on the screen of the infected computer. From that point on, the victim cannot interact with the legitimate banking website (such as closing it or trying to proceed with a standard login).  By pushing the “Start phishing” button, the criminal causes a message to appear on the victim’s screen. The tool contains separate messages for each of the targeted banks. Each message is customized to the bank’s website login/authentication process and copies its look and feel.

source: www.techworm.net