A friend of mine recently had €1600 stolen from his account in Germany, despite two-factor authentication (SMS TAN is the norm over here), which I always assumed was pretty secure.<p>Turns out the thieves first hack your web browser (through the usual means) and then alter the web page of your bank to display instructions to install a "security" app on your smartphone (MITB attack). So then they have access to both factors and you're boned. Google "Eurograbber" to find out more.<p>What I find kind of scary is that the usual caution is likely to fail. After all, this is the correct URL and the correct SSL cert, so if the fake visuals are well produced it will appear completely legit.<p>I suppose one approach is to make sure you always log on with a clean browser, so I was thinking of a portable VirtualBox with a copy of Linux used solely for the purpose of online banking. I could even hand out keys to my friends.<p>Do you think this would be effective? And what precautions do you take with online banking?
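The mechanism the post describes, as an added illustration that is not part of the thread: a simplified, constructed model of a Zeus-style "webinject", where browser-resident malware rewrites the HTTP response body after TLS has already been verified, so the URL and certificate look right while the page content does not match what the bank sent. The bank name, URL, rule text, HTML and the rule-field names (modelled on the set_url / data_before / data_after / data_inject fields of Zeus webinject configs, without their extra flags) are assumptions for this example.

```python
"""
Constructed simulation of a Zeus-style webinject man-in-the-browser (MITB)
attack. The page arrives over a valid TLS connection; the modification
happens inside the browser process after decryption, so URL and
certificate indicators stay green. Bank, URL, rule and HTML are made up.
"""
from dataclasses import dataclass
from fnmatch import fnmatch
import hashlib

# Constructed sample: what the legitimate bank server actually sends.
SERVED_HTML = """<html><body>
<h1>Example Bank</h1>
<form id="login" action="/login" method="post">
<input name="user">
<input name="pass" type="password">
<input type="submit" value="Log in">
</form>
</body></html>"""


@dataclass(frozen=True)
class WebInject:
    """One injection rule (simplified from the Zeus config format)."""
    url_mask: str      # glob matched against the page URL
    data_before: str   # text the injection is placed after
    data_after: str    # text that must follow the injection point
    data_inject: str   # HTML written into the page


# Constructed rule resembling the Eurograbber lure: a fake "security app"
# prompt is placed inside the genuine login form of the genuine page.
RULES = [
    WebInject(
        url_mask="https://bank.example/*",
        data_before='<input type="submit" value="Log in">',
        data_after="</form>",
        data_inject=(
            '<p class="notice">Security update required: enter your mobile '
            'number and install the bank security app before continuing.</p>'
            '<input name="mobile" placeholder="Mobile number">'
        ),
    )
]


def apply_webinjects(url: str, html: str, rules=RULES) -> str:
    """Rewrite the response body the way browser-resident malware would,
    just before rendering. Only rules whose URL mask matches fire."""
    for rule in rules:
        if not fnmatch(url, rule.url_mask):
            continue
        start = html.find(rule.data_before)
        if start == -1:
            continue
        start += len(rule.data_before)
        # The data_after anchor must follow the injection point.
        if html.find(rule.data_after, start) == -1:
            continue
        html = html[:start] + rule.data_inject + html[start:]
    return html


@dataclass(frozen=True)
class BrowserView:
    url: str
    tls_verified: bool
    html: str


def render(url: str, served_html: str, rules=RULES) -> BrowserView:
    """What the victim sees: the real URL, a certificate that verified
    correctly, and a body that no longer matches what the server sent."""
    return BrowserView(url=url, tls_verified=True,
                       html=apply_webinjects(url, served_html, rules))


def fingerprint(html: str) -> str:
    return hashlib.sha256(html.encode()).hexdigest()


def is_tampered(served_html: str, view: BrowserView) -> bool:
    """The comparison TLS cannot make for you: served body versus the body
    the browser is about to render. Only a reference obtained outside the
    compromised browser (a server-side check or a second device) can make it."""
    return fingerprint(served_html) != fingerprint(view.html)


if __name__ == "__main__":
    view = render("https://bank.example/login", SERVED_HTML)
    print("URL:", view.url, "| TLS verified:", view.tls_verified)
    print("Tampered:", is_tampered(SERVED_HTML, view))
    print(view.html)
```

The point of the fingerprint comparison is where it has to run: code inside the same compromised browser can be hooked just as easily as the page, which is why the thread's suggestions of a clean boot environment or a second, independent device (one that shows the transaction details it is approving) address the problem and a visible padlock does not.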
While a virtual machine used only to access online banking would probably work, would your friend actually stick with it? And be honest - if he wouldn't, there's not much point.<p>The best option is education. Help him understand how the malware was installed and how he can try to prevent it from happening in the future (don't allow applications to be installed if he wasn't specifically expecting it, keep his AV running - no matter what an installer says, always install Java and Adobe updates, and avoid dodgy streaming video and proxy sites).<p>I recently had to help a friend clean ransomware off his system, and found a bunch of other crap while I was at it. I <i>think</i> I got it all, but I still warned him that it was possible we missed something and that a full format and reinstall would be safer. In his case I'm pretty sure it came from one of the many dodgy sites used to stream TV shows and such, although he had also downloaded and installed VLC from one of those sites that rebundled it with additional crap, so that could have compromised the system as well.
Eurograbber is a variation of the Zeus/Sopilka family of malware. I'm surprised his AV didn't pick it up because it's the most popular financial malware after SpyEye and Citadel.<p>What bank was this with? Did they cover the losses?<p>I'm assuming something like the following happened:<p><pre><code> Your friend → (direct) Mule in your country → (Western Union) to the criminal
</code></pre>
I tell my parents to use a Linux Mint or Ubuntu live disk whenever they're banking online. It seems to have worked so far.
It seems to me that using the same device to access the banking website and to receive the SMS TAN is asking for trouble. If your smartphone is compromised you are toast. If you use two different devices, then the hacker has to compromise both of them to get you.<p>My bank offers hardware tokens for authentication and I am glad to pay 1-2 additional euros a month for enhanced security.
This is a good blog to follow: <a href="http://www.lightbluetouchpaper.org/category/banking-security/" rel="nofollow">http://www.lightbluetouchpaper.org/category/banking-security...</a>