updated 5/8/2012 4:27:28 PM ET 2012-05-08T20:27:28

Clever online crooks are hiding dangerous money-stealing malware in a popup that promises to protect you from — you guessed it — money-stealing malware.

With the notorious Tatanga Trojan  at their disposal, fraudsters are forcing rigged Web pages to present a message purporting to be "free insurance" against online fraud. Discovered last year, Tatanga thrives by injecting code into the user's Web browser, which enables the criminals in control of it to hijack the user's online banking sessions.

Believing they're protecting themselves from a multitude of financial threats, the victims who purchase this phony coverage are prompted to authorize a bank transaction to activate the insurance plan, and then told to enter a one-time text message password sent to their cellphone.

[How to Make Sure Your Online Banking Is Safe]

Entering that password, however, sets the scam in motion, and enables the money mules to transfer funds from the victims' accounts to their own.

As with most bank-account-siphoning Trojans, "the ability of Tatanga and the other cybercrime platforms to commit online fraud is limited only by the imagination of criminals," Ayelet Heyman from the security firm Trusteer  wrote.

In the incident the Trusteer researchers found, the crooks set up the scam to drain the victim's entire bank account if the balance is between 1,000 and 5,000 EUR (about $1,300 to $6,500).

Make sure you run strong anti-virus software  on your computer to protect yourself from Tatanga and other banking Trojans, and never enter your personal or financial information on a site that appears suspicious, or is not encrypted.

© 2012 SecurityNewsDaily. All rights reserved


Discussion comments


Most active discussions

  1. votes comments
  2. votes comments
  3. votes comments
  4. votes comments