Archive Links

Consumer Archive
CU System Archive
Market Archive
Products Archive
Washington Archive

News Now

CU System
Fake pop-ups injected into online banking transactions
MADISON, Wis. (11/14/12)--The latest version of the Citadel banking Trojan malware has something malware analysts have never encountered before:  a browser malware that launches fake pop-ops during online banking transactions and tricks online users into re-entering their bank and credit union account logins and passwords.

The risks for credit unions and banks, as well as their members/customers, are obvious. And it means that credit unions and others will need to offer crash courses to their members about defending themselves from the advanced Trojans ( Nov. 12). Otherwise, financial institutions will see even greater losses due to fraud.

The Citadel, which is an advanced mutation of the infamous Zeus Trojan malware, was discovered in "underground" forums in January. It is a keylogger that steals online banking authorization credentials by capturing the computer user's keystrokes ( Nov. 12). The Trojan was the topic of a number of warnings to credit unions and banks in August by the Federal Bureau of Investigation (FBI) and the FBI's Internet Crime Complaint Center.

The latest version uses social engineering tools to create the pop-ups, even on legitimate banking sites. And that will confuse consumers making online transactions at their credit union's site.

In the underground forums, Citadel developers are claiming they have infected computers with the new version of the Trojan. They allege they have infected computers relying on Microsoft Security Essentials, McAfee and Norton. The new development has upped the price of the Trojan on the cybercrime market. Several months ago, it went for $3,000. Now it is worth $4,000, say malware researchers ( Aug. 21).

Malware researchers said credit unions and banks should consistently educate users about emerging online and mobile security threats. Explain the variations of the attacks, such as the new pop-up feature, so consumers know what to watch for when online.  Also, train staff to identify more quickly suspicious transactions, including withdrawals and wire transfers.

Other advice:

  • Avoid using out-of-date software versions that have vulnerabilities easy to exploit. Software companies issue patches and updates; use them. Out of date Java software in particular has been a gateway for the Trojan infection, say researchers;
  • Run  full-system virus scans at least once a week;
  • Use caution when entering user names and passwords and enter these slowly to give time to back out if something seems odd;
  • Regularly visit the FBI's Internet Crime Complaint Center for updates about Citadel;
  • Have a computer expert remove any malware. Even if you succeed in unfreezing the computer, keyloggers and other malware may still be operating in the background; and
  • Never pay money or provide personal information to a suspicious online entity.
Other Resources


News Now LiveWire
At @FTC request, court halts operations of an alleged debt-relief scammer calling itself “FTC Credit Solutions.”
23 minutes ago
.@daytondailynews : The secret is out about #creditunions @DayAirCU @CODECreditUnion
35 minutes ago
.@CUNA's @Nussle on @SenatorReid :(2of2)On behalf of more than 102M #CU members,I thank him 4 his leadership over the yrs/wish him the best.
2 hours ago
.@CUNA CEO Nussle on Sen. Reid’s decision not 2 seek re-election (1of2): Sen. Reid has a long history of #CU support throughout his career.
2 hours ago
#Jobless claims duck under 300K for 3rd straight week #Market #Economy
2 hours ago