VB2016 video: Last-minute paper: Malicious proxy auto-configs: an easy way to harvest banking credentials

Posted by   Martijn Grooten on   May 30, 2017

"Much media attention is given to imminent and visible threats, like ransomware. Other threats remain under the radar and often go unnoticed." This part of Jaromír Horejší and Jan Širmer's VB2016 abstract is perhaps even more relevant today than it was in September 2016, when it was written.

Despite the seriousness of WannaCry, there are many other threats that users face, and banking trojans are one of them. In their VB2016 last-minute presentation, Avast researchers Jaromír and Jan looked at Retefe, a trojan that has targeted banks in several European countries and used malicious proxy auto-config files (combined with a rogue root certificate) to redirect users' traffic to a server controlled by the attackers, thus allowing them to stealthily perform man-in-the-middle attacks.

This method isn't new (Kaspersky Lab researchers Fabio Assolini and Andrey Makhnutin spoke about it at VB2013), but remains a popular way for banking malware to empty victims' accounts.

horejsisimrerpacvb2016.png

The video of Jaromír and Jan's presentation is now available to watch on our YouTube channel.

On the subject of banking trojans, at VB2017 in Madrid, ESET researchers Peter Kalnai and Michal Poslusny will guide the audience through the attack points in browsers that are being taken advantage of by some of the major banking trojans in the wild.

VB2017 will take place in Madrid, 4-6 October 2017. Register now for an Early Bird discount!

twitter.png
fb.png
linkedin.png
hackernews.png
reddit.png

 

Latest posts:

VB2019 paper: APT cases exploiting vulnerabilities in region-specific software

At VB2019, JPCERT/CC's Shusei Tomonaga and Tomoaki Tani presented a paper on attacks that exploit vulnerabilities in software used only in Japan, using malware that is unique to Japan. Today we publish both their paper and the recording of their…

New paper: Detection of vulnerabilities in web applications by validating parameter integrity and data flow graphs

In a follow-up to a paper presented at VB2019, Prismo Systems researchers Abhishek Singh and Ramesh Mani detail algorithms that can be used to detect SQL injection in stored procedures, persistent cross-site scripting (XSS), and server‑side request…

VB2020 programme announced

VB is pleased to reveal the details of an interesting and diverse programme for VB2020, the 30th Virus Bulletin International Conference.

VB2019 paper: Cyber espionage in the Middle East: unravelling OSX.WindTail

At VB2019 in London, Jamf's Patrick Wardle analysed the WindTail macOS malware used by the WindShift APT group, active in the Middle East. Today we publish both Patrick's paper and the recording of his presentation.

VB2019 paper: 2,000 reactions to a malware attack – accidental study

At VB2019 cybercrime journalist and researcher Adam Haertlé presented an analysis of almost 2000 unsolicited responses sent by victims of a malicious email campaign. Today we publish both his paper and the recording of his presentation.

We have placed cookies on your device in order to improve the functionality of this site, as outlined in our cookies policy. However, you may delete and block all cookies from this site and your use of the site will be unaffected. By continuing to browse this site, you are agreeing to Virus Bulletin's use of data as outlined in our privacy policy.