Hackers target Italian corporate banking clients with web injection toolkit drIBAN

Researchers from Cleafy, an Italian cybersecurity company, note that the operation has been ongoing since at least 2019.


Italian corporate banking clients have been the target of an ongoing financial fraud campaign using a web-inject toolkit called drIBAN. The main objective is to modify legitimate bank transfers made by victims by changing the beneficiary and transferring the money to a fraudulent bank, Cleafy researchers stated. 

The use of web injects is a well-established tactic. It allows the malware to inject custom scripts on the client side via a man-in-the-browser (MitB) attack, intercepting traffic to and from the server. Fraudulent transactions are often carried out using what’s known as an Automated Transfer System (ATS), capable of bypassing anti-fraud systems.
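As a defender-side illustration of the beneficiary swap described above (an added example, not code from Cleafy or from any bank), the sketch below has the server accept a transfer only when a confirmation code computed on a separate device matches the beneficiary and amount that actually reached the server. The function names, the key handling and the 8-character code are assumptions made for the example; the IBANs are public documentation samples used as constructed test data.

```python
import hashlib
import hmac

# Public documentation sample IBANs, used here as constructed test data.
INTENDED_IBAN = "IT60X0542811101000000123456"  # beneficiary the user typed
SWAPPED_IBAN = "DE89370400440532013000"        # beneficiary after tampering

def iban_is_valid(iban: str) -> bool:
    """ISO 13616 mod-97 checksum: catches typos, not a swap to another valid IBAN."""
    s = iban.replace(" ", "").upper()
    if not (15 <= len(s) <= 34) or not (s.isascii() and s.isalnum()):
        return False
    # Move country code and check digits to the end, map A..Z to 10..35.
    digits = "".join(str(int(c, 36)) for c in s[4:] + s[:4])
    return int(digits) % 97 == 1

def confirmation_code(device_key: bytes, iban: str, amount_cents: int) -> str:
    """Hypothetical code derived on a separate device from the details it displays."""
    msg = f"{iban.replace(' ', '').upper()}|{amount_cents}".encode()
    return hmac.new(device_key, msg, hashlib.sha256).hexdigest()[:8]

def server_accepts(device_key: bytes, iban: str, amount_cents: int, code: str) -> bool:
    """Accept only if the code matches the transfer as it arrived at the server."""
    if not iban_is_valid(iban):
        return False
    expected = confirmation_code(device_key, iban, amount_cents)
    return hmac.compare_digest(expected, code)

def demo() -> dict:
    key = b"constructed-demo-key-not-a-real-secret"
    # The user confirms the intended beneficiary and amount on the device.
    code = confirmation_code(key, INTENDED_IBAN, 125_000)
    return {
        "untampered": server_accepts(key, INTENDED_IBAN, 125_000, code),
        "beneficiary_swapped": server_accepts(key, SWAPPED_IBAN, 125_000, code),
        "swapped_iban_passes_checksum": iban_is_valid(SWAPPED_IBAN),
    }

if __name__ == "__main__":
    print(demo())
```

The swapped IBAN passes the checksum, so format validation alone does not flag the change; the mismatch appears only because the code was bound to the beneficiary the user saw outside the browser.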

drIBAN infection chain

Over the years, the operators behind drIBAN have become increasingly adept at evading detection and developing effective social engineering strategies. They have also established a long-term foothold in corporate banking networks. According to Cleafy, 2021 was the year the classic banking Trojan operation evolved into an advanced persistent threat.