Bank-raid Trojan jury-rigged to pwn 'major airport's' network
By John Leyden
A Trojan has targeted airport workers logging into their employer's private network, security researchers have claimed.
Crooks are believed to have modified the bank account-raiding Citadel Trojan, which is also used in ransomware scams, and deployed it at a "major international airport hub" to access internal applications and files. It is understood officials and relevant government agencies have been warned of the infiltration. In response, the airport disabled remote access to the attacked virtual private network (VPN), according to security software maker Trusteer.
The man-in-the-browser attack, we're told, featured a combination of form grabbing and screen capture techniques to lift employees' usernames, passwords and one-time pass codes generated by an unnamed two-factor authentication vendor, which has also been notified about the attack.
Trusteer said the affected vendor offered pattern-based authentication and it was this technology that was circumvented to pull off the VPN compromise.
Gladiator Security Forum