browser hijacking

Money stealing malware: Banking trojans

There is, unfortunately, malware out there that targets your bank account without you realizing it until money is missing. These types of malware are called banking trojans, and the most advanced ones may avoid antivirus detection. This post will be a short summary of their capabilities, and no prior computer science education is needed.

These sneaky trojans work by spying on what you type on your keyboard as well as what’s shown on the screen, but may also feed you fake information intended to make you give away your banking login credentials without you knowing it. This is done by hijacking your browser. Let’s take a look at how this can be done:

The trojan will “activate” as soon as it detects that you’re going to any large bank site or other popular financial services, prompting the trojan to hide the real login page and instead put up a fake login form that looks identical to the real deal. The fake form will of course take the information you put in there, and send it over to the criminal in charge of it.

This can even be done at login pages that require a second authentication other than passwords, such as keycards or generated one-time codes. The attacker is simply waiting for you to enter your credentials directly to their own computer, like this:

Step 1, a fake login form that looks identical to what you’d expect on your bank or other financial sites, where you enter your password and username:

The attacker is watching this at his computer and once you press log in/next, the information you entered is sent to the attacker, who immediately pastes it into the genuine login screen at his computer.

Step 2, a fake loading screen is displayed while the attacker uses the login credentials he just got.

Step 3, while the login screen keeps loading for you, the final login step with a keycode or similar is displayed for the attacker on his computer, who then simply copies the information and sends it over to your fake login.

You then fill in the code, press log on, upon which a new loading screen will show while the information you just put in is again sent to the attacker, who can now log in to your account. When he’s successfully logged in, a new fake page will load for you, saying that the service is temporarily unavailable.

The above is just an example of login stealing of a second authentication method; it may vary depending on which banking trojan and which login method is used.

Banking trojans usually spread through infected Word documents in emails, hacked social media accounts, or through exploit kits.

Warning signs that you may be infected with a banking trojan attempting to steal your credentials are unusually long loading periods when you log in and the sudden message that the service is currently unavailable at the end. This is why many financial and other sites handling sensitive/private information alert you on their front page that services are currently up and running as they should be. If you get an error despite this message, you may have been the victim of a banking trojan and should immediately contact your bank or other service you just attempted to log in to.

Holy hell, Tumblr is actually running sidebar ads with third-party browser hijack scripts in them. I mean, I suppose I shouldn’t be surprised that this clownshow of a site isn’t vetting their ads, but this is a new level of amateur-hour horseshit even for them.

(If you’re not running an ad blocker plugin and have been wondering why your Tumblr dashboard is sometimes getting yanked to other sites, this is why.)

anonymous asked:

I figured I would ask you, since I can't find this information anywhere, but do you know when Misha might have started taking up running and why? I'm also a runner and I was just curious. I wanted to ask him at NJCon, but never got up the nerve. Thanks so much!!

That’s an interesting question. I don’t know exactly, and this is the closest reference I could find in interviews. I’m deliberately not linking to the source site right now because it keeps hijacking my browser and that’s not cool: 

Suzanne Lanoue: How long have you been running? You look like you know what you’re doing.

Misha Collins: I’ve been running for a long time, but I’ve never been a long, ultra-long distance runner. I’ve run a few marathons, but I’ve never run more than a marathon. You know, there are people who run across the Gobi desert. There are people out there who have unbelievable endurance. I’ve really been daunted by the prospect of running all day. (something I missed her [sic]) I’m just counting myself lucky that I’m not doing a 1,000 mile run.

Suzanne Lanoue: So has it been tough to train for this run?

Misha Collins: I’ve been running more than usual in the last couple of months. About as much as I can. I’ve done a couple of weekends where I’ve done 8 hours of running over the weekend.

Suzanne Lanoue: Doing any of the Rocky thing of running up the stairs at the library? (laughs)

Misha Collins: It gets a little boring after a while. I’m actually looking forward to being done with this long run. The training and running really takes a lot of time.

Suzanne Lanoue: Yeah, I can imagine.

Misha Collins: Are you a runner?

Suzanne Lanoue: No, I’m barely a walker! (laughs) My husband runs a lot just to keep the weight off…he hates it, though.

Misha Collins: Right. That’s actually the biggest perk to running. When you’re running a lot, you can eat a lot. It’s very gratifying.

Perfect Prey currently has a browser hijacker that tells you your computer is locked and to call a number to remove the virus.

This is a ransomware ploy. Ctrl+Alt+Delete if you get this message, exit out of your browser, and run a virus scan. Don’t click anything in the window (not even cancel/whatever button is offered). Just Ctrl+Alt+Delete and close process. If you have active virus protection, it should prevent the script from running anything, but run a scan just in case.

IDK if anyone has Perfect Prey’s email, but if someone does, maybe email him and tell him his site got hacked and someone installed a ransomware hijacker.