Use the force Luuuk

Stealing more than half a million euro in just a week – it sounds like a Hollywood heist movie. But the organizers of the Luuuk banking fraud pulled it off with a Man-in-the-Browser (MITB) campaign against a specific European bank. The stolen money was then automatically transferred to preset mule accounts. When GReAT discovered Luuuk’s control panel it immediately got in touch with the bank and launched an investigation.

On January 20th 2014 Kaspersky Lab detected a suspicious server containing several log files including events from bots reporting to a command and control web panel. The information sent seemed to be related to a financial fraud; it included details of the victims and the sums of money stolen.

Figure 1: Example of log file

Read more: Use the force Luuuk

Story added 25. June 2014, content source with full text you can find at link above.