Security researchers from Trusteer have spotted a clever new technique
used by cybercriminals interested in optimizing their malicious
campaigns in an attempt to earn more revenue.

Here’s how it works:

The recent attack we discovered uses the Tatanga malware platform. In
the configuration file we captured, Tatanga notifies the online banking
victim via a web browser injection that their bank is offering free
insurance protection against online fraud.The victim is then presented
with a fake insurance account that claims to cover the total amount of
funds in their bank account. This fake insurance account is actually a
real bank account that belongs to a money mule.

The victim is told that they will be protected against any losses from
online fraud by this insurance coverage. In the final step, the victim
is prompted to authorize a transaction that they believe is to activate
the insurance coverage. In all likelihood, the victim does not expect
any funds will be transferred out of their account.To approve the
transaction the victim enters a one-time SMS password that is sent to
their mobile device. Unfortunately, the victim is actually approving a
transfer of funds from their account to the fraudster’s money mule account.

Despite the technological implementation behind the success of the
campaign relies on the Tatanga malware platform, a central role for the
success of the concept is played by money mules.

http://www.zdnet.com/blog/security/c...23?tag=nl.e036
--
Dave