A new banking Trojan has been created to steal funds from people’s accounts even after they logged out.
According to findings recently published by Trusteer, a security firm, shows that the new Trojan dubbed OddJob allows hackers to hijack customers’ online banking sessions in real time using their session ID tokens. As the session remains open perpetrators can freely access accounts for illegal purposes.
Trusteer says that OddJob is operated by cyber crooks located in Eastern Europe who attack bank customers in different countries. This has included victims in the US, Poland and Denmark.
Trusteer reported further that the malware has evolved since its first discovery, indicating that it is something of a work in progress. The malware is capable of various functions, depending on its configuration, from logging GET and POST requests, to grabbing full pages, terminating connections and injecting data into web pages.
The malware's configuration is not saved to disk, where it might be more easily detected by anti-virus applications. Instead a fresh instance of the malware is fetched from a control server each time a new browser session is opened.