New Trojan targets German bankers

Anti-virus software vendor F-Secure is reporting that a new version of Internet banking Trojan, SpyEye, uses sophisticated methods to intercept mobile one-time passwords (mTANs) sent to mobile phones, reports The H Security.

In contrast to Zeus, SpyEye appears to have its sights set on German Internet banking users.

According to The Register, the Trojan, which infects Windows machines, displays additional content on a targeted European bank's Web page that requests prospective marks to input their mobile phone number and the IMEI of the device.

The bank customer is informed the information is needed so that a new 'digital certificate' can be sent to the phone.

Help Net Security reveals: “the Trojan is signed with a developer certificate. Developer certificates are tied to certain IMEIs and can only be installed to phones that have an IMEI that is listed in the certificate.

This is why the malware authors request the IMEI in addition to the phone number on the bank's Web site,” the researchers explain. “Once they receive new IMEIs, they request an updated certificate with IMEIs for all victims and create a new installer signed with the updated certificate.”