Some months ago we have warned you about the dangerous banking trojan called SpyEye. Additionally to its malicious features, such as HTML injection and others, it has been also found to have another feature helping for the scammers to hide the fraud and all the changes made on the compromised acount. This seems to be borrowed from Zeus trojan.
As you have already heard, SpyEye is especially dangerous for its ability to inject new fields into a page and make it ask for specific information which wouldn’t be normally asked from the user. For example, because of this virus, baking page can be made to require login, password, debit card number or other sensitive banking data without any sign that it is done illegally. However, this is not the only bad thing about SpyEye – it has been also found to be powerful enough to hide illegal money transfers made on the compromised account. This new feature seems to be borrowed from the Zeus banking malware that is called ‘the parent’ of SpyEye. Zeus is known for its ability to capture specific balance data and then inject it into the same page after making illegal transfer on user’s account.
According to InfoWorld, SpyEye is clearly designed to keep users unaware about the fraud – malware hides fraudulent transactions and deletes those records that could notify victim about the fraudulent transactions made on the account. Even if a person logs out and logs back into his account, he won’t be capable to see these transactions and will be informed only about the altered balance of his account. As you can see, with a help of SpyEye, fraudsters get ability to capture victim’s credit card details and then easily mask their transactions. This feature makes SpyEye one of the most dangerous trojans that can be used to rip people off.