Eurograbber


By JubileeX in Trojans

Threat Scorecard

Threat Level: 90 % (High)
Infected Computers: 3
First Seen: December 11, 2012
Last Seen: February 18, 2022
OS(es) Affected: Windows

The Eurograbber Virus is a dangerous banking Trojan that has made news because of a highly successful attack. According to PC security researchers, the Eurograbber Virus has been used to steal more than 47 million euros. It does this by intercepting the text messages that mobile banking customers receive for two-step authentication. The Eurograbber Virus is not a brand new malware infection. It is one of the many variants of the current standard among banking Trojans: the Zeus Trojan (also known by its aliases Zbot and Zitmo). By stealing amounts ranging from a couple of hundred euros to tens of thousands at a time, the Eurograbber Virus has managed to take an exorbitant amount of money from unsuspecting computer users.

The initial Eurograbber Virus infection usually comes from a malicious link in a spam email message. The link typically leads the victim to an attack website that uses Java vulnerabilities to install the Eurograbber Virus on the victim's computer. The Eurograbber Virus is designed to sit silently on the victim's computer, causing no overt symptoms that would betray its presence. When the victim uses the infected computer to connect to a banking portal, the Eurograbber Virus steals the victim's login information and uses a social engineering approach to convince the victim to enter their phone number. This additional step is what has made the Eurograbber Virus so effective.

The Crucial Mobile Component of the Eurograbber Virus Attack

The mobile variant of the Zeus Trojan is known as Zitmo, which stands for 'Zeus in the Mobile'. Once the web browser component of this attack captures the victim's phone number, the criminals behind this threat send a malicious SMS to that number, which infects the victim's phone with the Eurograbber Virus' mobile component, a variant of Zitmo. This allows criminals to bypass two-step authentication, a practice used by most European banks to protect their customers: the bank sends a text message with a confirmation code whenever the online banking account is accessed. With both the victim's browser and mobile phone compromised, the Eurograbber Virus can be used to take over the victim's online banking account and make fraudulent withdrawals. The mobile component of the Eurograbber Virus does not affect the iPhone; it targets only BlackBerry and Android phones. The Zeus variant used by this threat affects computers running the Windows operating system, so Linux and Mac OS X users are safe from this particular threat.

