SpyEye Malware Hijacks Webcams and Mics to Steal Bank Account Information

Gallery Icon

bill-swift - May 30, 2012

Online banking is extremely convenient for users and extremely appealing for cybercriminals. The potential to steal from online bankers is so huge that these cyber thieves have launched a new campaign using the SpyEye plugin identified as flashcamcontrol.dll.

Security firm Kaspersky has reported that the malware allows cybercriminals to monitor potential victims by hijacking their webcams and microphones in order to get personal information and gather data that can be used to bypass online banking security checks and verification procedures.

SpyEye operates by modifying the Flash permissions of the victim's browser to whitelist a set of online banking websites.

If an infected user visits the site of a specified bank and the browser processing the page requests a flash-document via a link from the first column, the webfakes.dll plugin detects that request and replaces it with an address controlled by the intruders.

As a result, the browser will load a malicious document from the intruder's server ( instead of a flash document from the bank site.

-- Dmitry Tarakanov, Kaspersky Lab malware researcher

In other words, SpyEye displays a fake login page to get online bankers' security codes on the fly. The microphone hijacking comes in handy for the cybercriminals, as it allows them to listen in to conversations with bank phone operators and get a hold of sensitive information and account details.

And if you're wondering why they're hijacking webcams, it's because cybercriminals want to watch the reactions of their victims as they're being robbed–and when they realized that they've been robbed.

Article by Hazel Chua
Gigadgetry: Cool Gadgets, Tech News, Quirky Devices