HSBC Cybercrime Tools: Overcoming Anti-Trojan Technology
In a shocking revelation, cybercrime groups from an underground forum have developed a new technology to evade anti-trojan measures, rendering the world’s major financial institutions’ depositor protection schemes ineffective. This includes HSBC, one of the world’s leading financial institutions, which has partnered with Trusteer to provide its customers with the Rapport browser lock technology.
Trusteer’s Rapport technology has become a standard security measure for 50 banks worldwide, including Britain’s National Westminster Bank and HSBC. In the US, ING Direct USA, eBay, and PayPal customers have also opted for this technology to achieve anti-trojan protection under the guidance of the corporate sector.
However, a recent survey by digital forensics company Group-IB has uncovered a security vulnerability in Trusteer Rapport versions 1208.41 and earlier. This vulnerability allows malicious individuals to bypass the browser lock technology and intercept users’ authentication information while Trusteer Rapport is running.
According to Group-IB’s International Project Manager, Andrey Komarov, “With the help of new vulnerabilities, malicious people will be able to intercept the user’s authentication information while Trusteer Rapport is running.” This allows cybercrime groups to intercept and steal users’ login information, including login details of online banking services.
Trusteer’s CTO, Amit Klein, downplayed the severity of the vulnerability, stating that it affects only one of the protective layers in the Trusteer software available to customers. However, Group-IB’s Komarov emphasized that the vulnerability is still a serious threat, and the company has begun to use this trick to bypass Rapport checks.
The Vulnerability: A Threat to Financial Security
The vulnerability in Trusteer Rapport versions 1208.41 and earlier allows malicious individuals to intercept users’ authentication information while the software is running. This can lead to the theft of login information, including login details of online banking services.
According to Komarov, “The problem remains unresolved, we can demonstrate to you how to successfully bypass the current version of Rapport through video.” He added that Group-IB’s analysis team has identified specific ways hackers exploit the vulnerability, and some compilers have already copied the vulnerability to bypass security mechanisms.
The Impact on Financial Institutions
The vulnerability in Trusteer Rapport has significant implications for financial institutions, including HSBC. The company’s partnership with Trusteer to provide Rapport browser lock technology has been compromised, leaving customers vulnerable to cybercrime.
While Trusteer has announced a patch for the vulnerability, which will automatically spread to all customer groups, the damage has already been done. Cybercrime groups have already begun to exploit the vulnerability, and Group-IB’s analysis team has identified specific ways hackers are using the vulnerability to bypass security mechanisms.
Conclusion
The vulnerability in Trusteer Rapport versions 1208.41 and earlier is a serious threat to financial security.
As a result, financial institutions, including HSBC, must take immediate action to protect their customers from this vulnerability. This includes implementing additional security measures and educating customers on the risks associated with the vulnerability.
Code Snippets and Technical Details
- Trusteer Rapport versions 1208.41 and earlier have been violated and modified to close the “Rapport de-linked from the self-interception system.”
- The vulnerability allows malicious individuals to intercept users’ authentication information while Trusteer Rapport is running.
- Group-IB’s analysis team has identified specific ways hackers exploit the vulnerability, and some compilers have already copied the vulnerability to bypass security mechanisms.
- The vulnerability affects Trusteer Rapport versions 1208.41 and earlier.
- The patch for the vulnerability will automatically spread to all customer groups.