Check Point And Versafe Uncover New Eurograbber Attack

Check Point Software Technologies Ltd, the worldwide Internet security provider, and Versafe, a private and independent vendor of online fraud prevention solutions, have published “A Case Study of Eurograbber: How 36 million was stolen via malware.” The case study uncovers a highly sophisticated attack used to steal millions from corporate and private banking customers across Europe.

Eurograbber was launched against banking customers, using a sophisticated combination of malware directed at computers and mobile devices. The malware, in conjunction with the attackers’ command and control server, first infected the victims’ computers, and then, infected their mobile devices in order to intercept SMS messages to bypass the banks’ two-factor authentication process. With the stolen information and the transaction authentication number (TAN), the attackers then performed automatic transfers of funds, ranging between €500 and €250,000, from the victims’ accounts to mule accounts across Europe.

Key Findings:

  • An estimated €36+ million has been stolen from more than 30,000 corporate and private bank accounts.
  • The attacks originated in Italy, but quickly spread to Germany, Holland, and Spain.
  • The theft involved a sophisticated combination of malware directed at computers and mobile devices of banking customers.
  • A new and very successful iteration of a bot attack (the Zeus Trojan) was used in the widespread Eurograbber attack.
  • Android and Blackberry mobile devices were specifically targeted, showing that attacks against Android devices are a growing trend.

"Eurograbber is an excellent example of a sophisticated and stealthy attack. Custom designed and targeted threat attacks like Eurograbber is part of the community which is alive and motivated to create even more sophisticated attacks. Enterprises as well as individuals need to exercise caution and ensure they conduct important online business, especially financial transactions in the most secure environments possible. Users need to be steadfast in ensuring their data and devices have all possible security layers enabled and they are updated regularly to ensure the best protection possible," said, Bhaskar Bakthavatsalu, Regional Director- India and SAARC at Check Point Software Technologies.

“Cyberattacks have become more sophisticated, more creative, and more targeted than ever before,” said Eran Kalige, Head of Security Operation Center, Versafe. “As seen with Eurograbber, attackers are focusing on the weakest link, the people behind the devices, and using very sophisticated techniques to launch and automate their attacks and avoid traceability.”

Check Point provides comprehensive protection for both enterprises and consumers against all types of threats. Check Point Gateways running Check Point Software Blades, such as Antivirus, Anti-bot, and IPS, can detect and prevent the Eurograbber attack. Check Point Threat Cloud, the first collaborative network to fight cybercrime, feeds software blades with real-time intelligence and signatures enabling the gateways to identify and block attacks, including malware detection and bot communications, which are key elements of the Eurograbber attack. Additionally, Check Point's ZoneAlarm solutions protect home users’ computers from Zeus Trojan variants and other malware and online threats.

Versafe’s technology and products detect and prevent attacks, like Eurograbber, in real-time. With its unique set of components installed on a bank’s website, Versafe protects online users who log onto the website. By leveraging components such as the vHTML, Versafe can detect zero-day malware.

Additionally, Versafe vCrypt eliminates malware functionality and renders the attacker’s database useless. Versafe offers financial organisations, who are operating online, the ability to gain and maintain control over areas that were previously unreachable and indefensible, enabling them to protect their end users seamlessly.

Firstpost is now on WhatsApp. For the latest analysis, commentary and news updates, sign up for our WhatsApp services. Just go to and hit the Subscribe button.

Updated Date: Feb 02, 2017 23:54:53 IST