SpyEye Malware Hijacks Webcams and Mics to Steal Bank Account Information

Gallery Icon

bill-swift - May 30, 2012

Online banking is extremely convenient for users and extremely appealing for cybercriminals. The potential to steal from online bankers is so huge that these cyber thieves have launched a new campaign using the SpyEye plugin identified as flashcamcontrol.dll.

Security firm Kaspersky has reported that the malware allows cybercriminals to monitor potential victims by hijacking their webcams and microphones in order to get personal information and gather data that can be used to bypass online banking security checks and verification procedures.

SpyEye operates by modifying the Flash permissions of the victim's browser to whitelist a set of online banking websites.

If an infected user visits the site of a specified bank and the browser processing the page requests a flash-document via a link from the first column, the webfakes.dll plugin detects that request and replaces it with an address controlled by the intruders.

As a result, the browser will load a malicious document from the intruder's server ( instead of a flash document from the bank site.

-- Dmitry Tarakanov, Kaspersky Lab malware researcher

In other words, SpyEye displays a fake login page to get online bankers' security codes on the fly. The microphone hijacking comes in handy for the cybercriminals, as it allows them to listen in to conversations with bank phone operators and get a hold of sensitive information and account details.

And if you're wondering why they're hijacking webcams, it's because cybercriminals want to watch the reactions of their victims as they're being robbed–and when they realized that they've been robbed.

Article by Hazel Chua
Gigadgetry: Cool Gadgets, Tech News, Quirky Devices

Disclaimer: All rights reserved for writing and editorial content. No rights or credit claimed for any images featured on unless stated. If you own rights to any of the images because YOU ARE THE PHOTOGRAPHER and do not wish them to appear here, please contact us info(@) and they will be promptly removed. If you are a representative of the photographer, provide signed documentation in your query that you are acting on that individual's legal copyright holder status.