Luuuk Trojan Stole Over $680,000 In Just A Week, Then Disappeared

Posted: Jun 26 2014, 1:20am CDT | in Technology News


This story may contain affiliate links.


Luuuk is the name of a mysterious Trojan that was discovered in early 2014 after having allowed its creators to steal more than €500,000, or about $680,000, in just seven days by performing “Man-in-the-Browser” attacks. Kaspersky found the threat on January 20th, and it affected 190 customers of an unnamed bank that operates in Italy and Turkey.

The Luuuk Trojan obtained online banking login credentials from victims using a malicious web injection, which allowed the program to steal usernames, passwords and OTP codes in real time.

Then, the malware would automatically check the existing balance and perform several malicious transactions “probably operating in the background of a legitimate banking session.” The money would then be transferred to mule accounts. According to the report, Luuuk stole between €1,700 and €39,000 from each bank account accessed.

Interestingly, the organization in charge of Luuuk set up an advanced mule infrastructure with various transfer caps in order to minimize the risk of a person in the network fleeing with the received money.

Kaspersky analyzed only the server side of the Luuuk operation, and was not able to obtain the malicious code used on the victims or determine the infection vector.

“On the C&C server we detected, there was no information as to which specific malware program was used in this campaign,” Kaspersky Labs principal security researcher Vicente Diaz said. “However, many existing Zeus variations, including Citadel, SpyEye, and IceIX, have that necessary capability. We believe the malware used in this campaign could be a Zeus flavour using sophisticated web injects on the victims.”

The hackers took down the command server on January 22, two days after the investigation started, but that’s likely an infrastructure change rather than a complete shutdown.

The Author

BGR