Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|
Advertisement

Ad Placeholder

Full Width × 90

Cyber Crime

Luuuk Campaign Steals €500K from an European bank in one week

Security experts at Kasperky Lab has uncovered the Luuuk banking fraud campaign which stolen half a million euros in a single week from a single bank. Experts at Kaspersky Labs discovered new banking Trojan dubbed Luuuk which hit the customers of a single European financial institution. In one week, Luuuk trojan targeted a single European bank, not […]

Luuuk Campaign Steals €500K from an European bank in one week

Security experts at Kasperky Lab has uncovered the Luuuk banking fraud campaign which stolen half a million euros in a single week from a single bank.

Experts at Kaspersky Labs discovered new banking Trojan dubbed Luuuk which hit the customers of a single European financial institution.

In one week, Luuuk trojan targeted a single European bank, not yet identified, stealing €500,000 from 190 victims in two countries

Italy and Turkey were the countries most hit by Luuuk, all 190 victims have been identified, each victim has been deprived of a sum ranged between €1,700 to €39,000 according to the analyzed log.

Researchers at Kaspesky Lab were not able to isolate any instance of the malware used for the Luuuk campaign, but investigators suspect of Zeus banking Trojan or a heavily-modified version of another trojan.

banking trojan attack Luuuk 2

Stefan Tanase, security researcher at Kasperksy, declared that that Luuuk looks like a completely new piece of malware.

“On the C&C server we detected there was no information as to which specific malware program was  used in this campaign. However, many existing Zeus variations (Citadel, SpyEye, IceIX, etc.) – have  that necessary capability. We believe the malware used in this campaign could be a Zeus flavor using sophisticated web injects on the victims,” added Vicente Diaz, Principal Security
Researcher at Kaspersky Lab.

The expert at Kaspersky Lab uncovered the fraudulent campaign on 20 January when the investigators discovered its command and control (C&C) server

“The server’s control panel indicated evidence of a Trojan program used to steal money from clients’ bank accounts at least one week old when the C&C was discovered, having started no later than 13 January, 2014,” reported Kaspersky.

The criminals behind the operation, once discovered that their control infrastructure has been localized, have tried to erase every trace that could have been used by investigators to track them. Experts at Kaspersky believe that the criminals have modified the Luuuk C2 infrastructure.

The cyber criminals have spread the stolen money between several dummy accounts, as explained by Vicente Diaz:

“These differences in the amount of money entrusted to different drops may be indicative of varying levels of trust for each ‘drop’ type. We know that members of these schemes often cheat their partners in crime and abscond with the money they were supposed to cash. The Luuuk’s bosses may be trying to hedge against these losses by setting up different groups with different levels of trust: the more money a ‘drop’ is asked to handle, the more he is trusted.”

Diaz has confirmed that Kaspersky Lab has already contacted the targeted bank and the law enforcement agencies:

“Soon after we detected this C&C server, we contacted the bank’s security service and the law enforcement agencies, and submitted all our evidence to them,” added Diaz.

Pierluigi Paganini

(Security Affairs –  Luuuk campaign, Banking Trojan)