More than 30 financial institutions in six countries have been defrauded by sophisticated criminal software that convinces bank customers to install rogue smartphone programs, a major security company reported Tuesday.
Though many of the elements of the malicious software, including the interception of one-time passwords sent to phones, have been used elsewhere, the latest criminal campaign is unusual in that it combines many different techniques and leaves few traces.
Researchers at Trend Micro Inc., which dubbed the campaign Emmental after the Swiss cheese, said they were working with European police and major banks on the continent that were early victims. Banks in Austria, Sweden, Switzerland and Japan have all been hit, with damages somewhere in the millions of dollars, said Trend Micro Chief Cybersecurity Officer Tom Kellermann.