Zeus-based Ice IX Trojan Redirects Bank Phone Calls To Attackers

A new variant of the Zeus financial malware platform that targets online banking customers in the UK and US has been identified by computer security firm Trusteer.

Ice IX steals bank account information and telephone account details, which enables the attacker to divert calls from a bank to a controlled phone number.

Fraudulent process

“We believe the fraudsters are executing fraudulent transactions using the stolen credentials and redirecting the bank’s post-transaction verification phone calls to professional criminal caller services that approve the transactions,” said Adam Klein, CTO of Trusteer.

In an attack, the malware captures the victim’s login details, secret question and answer, and account balance. Telephone account details are then stolen via a web injection which requests the person’s telephone numbers (including work and mobile) and phone service provider. Trusteer noted in one attack that Ice IX presented the three most popular phone service providers in the UK (TalkTalk, BT and Sky) within the data form to obtain the information.

The final part of the attack captures a victim’s telephone account number, something which is necessary to change phone service settings and forward calls on to the attackers as phone companies use the number to verify a customer’s identity. By claiming there has been “a malfunction of the bank’s anti-fraud system with its landline phone service provider” the fraudster is able to justify the request as part of the verification process.

“Fraudsters are increasingly turning to these post-transaction attack methods to hide fraudulent activity from the victim and block email and phone communication from the bank,” said Klein. “This allows attackers to circumvent security mechanisms that look for anomalies once transactions have already been executed by the user.”

Jiten Karia

Recent Posts

Craig Wright Sentenced For Contempt Of Court

Suspended prison sentence for Craig Wright for “flagrant breach” of court order, after his false…

3 days ago

El Salvador To Sell Or Discontinue Bitcoin Wallet, After IMF Deal

Cash-strapped south American country agrees to sell or discontinue its national Bitcoin wallet after signing…

3 days ago

UK’s ICO Labels Google ‘Irresponsible’ For Tracking Change

Google's change will allow advertisers to track customers' digital “fingerprints”, but UK data protection watchdog…

3 days ago

EU Publishes iOS Interoperability Plans

European Commission publishes preliminary instructions to Apple on how to open up iOS to rivals,…

3 days ago

Momeni Convicted In Bob Lee Murder

San Francisco jury finds Nima Momeni guilty of second-degree murder of Cash App founder Bob…

3 days ago