Malicious threat actors are running a fraud campaign that takes advantage of the complex structure of the International Bank Account Number (IBAN) numbering system. Reports reveal that hackers use IBAN clipper malware to substitute legitimate IBAN accounts with accounts controlled by attackers.
A couple of months ago, a researcher monitored a group of threat actors on a cybercrime forum advertising monthly subscription-based clipper malware services targeting the Windows operating system.
Based on the analysis, attackers could modify or alter a victim’s IBAN account clipboard from a command and control panel to hijack an actual financial transaction on the target’s system. Threat actors also offered malware solutions to target IBANs in nations registered in the Single Euro Payment Area (SEPA).
IBAN clipper malware enters a victim’s system like any other malware, from phishing emails/attachments, malicious URLs, or by downloading resulting software from the web.
It should be noted that once the malware is successfully installed on the victim’s machine, this clipper malware carries out its operation by capturing all the clipboard text on the victim’s machine to identify the IBAN of the victim being attacked.
After this, the malware replaces the recipient’s IBAN with an IBAN configured by the attacker in the pre-set instructions from the Command and Control (C&C) panel so that after the victim proceeds with a bank transaction, the configured IBAN is pasted by the attacker and transferred to the bank account controlled by the cybercriminal instead of the account of the intended recipient.
