'Luuuk' banking malware may have stolen €500,000 in a week

Kaspersky Lab says the professional criminal group behind the operation is very active

A European bank may have lost as much as €500,000 (US$682,000) in a week earlier this year, according to Kaspersky Lab, which analyzed data on a server used in attacks against online banking users in Italy and Turkey.

In a blog post Wednesday, the Russian security company didn't identify the bank or why it chose to reveal the possible theft six months later. The financial institution has been notified of the discovery, and Kaspersky said is in contact with law enforcement.

On Jan. 20, Kaspersky analysts discovered a command-and-control server for a piece of malware that executed so-called man-in-the-browser attacks on victims' computers. In that type of attack, malware intervenes during an online banking session and can manipulate or steal data.

Two days later, the fraudsters removed all of the "sensitive components" from the server, Kaspersky wrote. That indicates the cybercriminals may have known someone else was looking at it.

The fraud campaign was nicknamed "Luuuk" by Kaspersky after that name appeared in a file path of the server's administrator control panel. It appears the server managed the theft of funds from victims' accounts, automatically transferring the money to the accounts of "mules," or people who agree to receive the funds for a cut and transfer the bulk of the funds onward.

Server logs indicated that as much as €500,000 may have been transferred in a single week, wrote Kaspersky's Global Research and Analysis Team. The data indicated around 190 victims. Analysts also saw on the server descriptions of fraudulent transfers and the IBAN (international bank account number) numbers for victims and money mules.

Kaspersky hasn't seen a sample of the actual malware that was on victims' computers. But data on the server indicated it is similar in functionality to the infamous Zeus banking malware.

The Luuuk malware collected the logins and passwords of victims and one-time passcodes. Since one-time passcodes typically expire in a few minutes, this type of banking malware will use the code to quickly log into the victim's account.

The attackers checked the victim's balance and then conducted several fraudulent transactions automatically, likely "in the background of a legitimate banking session," the company wrote.

There are other indicators that the group is still very active, Kaspersky wrote, although it did not give further details.

Send news tips and comments to jeremy_kirk@idg.com. Follow me on Twitter: @jeremy_kirk

Join the newsletter!

Error: Please check your email address.
Rocket to Success - Your 10 Tips for Smarter ERP System Selection

Tags securityExploits / vulnerabilitiesmalwarekaspersky lab

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Jeremy Kirk

IDG News Service
Show Comments

Cool Tech

Breitling Superocean Heritage Chronographe 44

Learn more >

SanDisk MicroSDXC™ for Nintendo® Switch™

Learn more >

Toys for Boys

Family Friendly

Panasonic 4K UHD Blu-Ray Player and Full HD Recorder with Netflix - UBT1GL-K

Learn more >

Stocking Stuffer

Razer DeathAdder Expert Ergonomic Gaming Mouse

Learn more >

Christmas Gift Guide

Click for more ›

Most Popular Reviews

Latest Articles

Resources

PCW Evaluation Team

Walid Mikhael

Brother QL-820NWB Professional Label Printer

It’s easy to set up, it’s compact and quiet when printing and to top if off, the print quality is excellent. This is hands down the best printer I’ve used for printing labels.

Ben Ramsden

Sharp PN-40TC1 Huddle Board

Brainstorming, innovation, problem solving, and negotiation have all become much more productive and valuable if people can easily collaborate in real time with minimal friction.

Sarah Ieroianni

Brother QL-820NWB Professional Label Printer

The print quality also does not disappoint, it’s clear, bold, doesn’t smudge and the text is perfectly sized.

Ratchada Dunn

Sharp PN-40TC1 Huddle Board

The Huddle Board’s built in program; Sharp Touch Viewing software allows us to easily manipulate and edit our documents (jpegs and PDFs) all at the same time on the dashboard.

George Khoury

Sharp PN-40TC1 Huddle Board

The biggest perks for me would be that it comes with easy to use and comprehensive programs that make the collaboration process a whole lot more intuitive and organic

David Coyle

Brother PocketJet PJ-773 A4 Portable Thermal Printer

I rate the printer as a 5 out of 5 stars as it has been able to fit seamlessly into my busy and mobile lifestyle.

Featured Content

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?