The new Citadel variant discovered by Trusteer researchers contains Man-in-the-Browser (MitB) code which alters the form fields users are asked to fill in on Payza's log-in page. More specifically, the code adds an additional PIN (personal identification number) field to the authentication form.
Citadel is a Trojan program designed primarily to steal online banking credentials, but is also associated with the Reveton ransomware, which locks down computers and displays rogue alerts claiming to come from law enforcement agencies.
Citadel's hooks into the browser process can modify web pages opened on infected computers in real time. These rogue local website modifications are known as MitB attacks and are harder for victims to spot than regular phishing attacks because the URLs displayed in the browser address bar are those of legitimate websites.
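Because the address bar gives no warning, one signal a site operator can collect is whether the rendered log-in form still matches the form the server sent. The following is an added example, not code from Trusteer or Payza: it compares the fields present in a form against an allow-list and reports anything extra, such as an injected PIN field. The field names and the `auditFormFields` helper are assumptions made for illustration, and since malware hooked into the browser can also tamper with page scripts, the result is a detection signal rather than a protection.

```javascript
// Added example. Field names are constructed, not Payza's real form.
const EXPECTED_LOGIN_FIELDS = new Map([
  ["email", "email"],
  ["password", "password"],
  ["csrf_token", "hidden"],
]);

// `elements` is any iterable of {tagName, name, type}. In a browser this can be
// document.forms[0].elements; here plain objects stand in for DOM nodes.
function auditFormFields(elements, expected = EXPECTED_LOGIN_FIELDS) {
  const findings = [];
  const seen = new Set();
  for (const el of elements) {
    const tag = (el.tagName || "").toLowerCase();
    if (!["input", "select", "textarea"].includes(tag)) continue; // skip buttons, fieldsets
    const name = el.name || "";
    const type = (el.type || "text").toLowerCase();
    if (type === "submit" || type === "button") continue;
    if (!expected.has(name)) {
      findings.push({ kind: "unexpected-field", name, type });
    } else if (expected.get(name) !== type) {
      findings.push({ kind: "type-changed", name, type });
    } else if (seen.has(name)) {
      findings.push({ kind: "duplicate-field", name, type });
    }
    seen.add(name);
  }
  // A field removed from the form is also a sign of tampering.
  for (const [name, type] of expected) {
    if (!seen.has(name)) findings.push({ kind: "missing-field", name, type });
  }
  return findings;
}

// Constructed sample: the form as served, and the same form with one added field.
const servedForm = [
  { tagName: "INPUT", name: "email", type: "email" },
  { tagName: "INPUT", name: "password", type: "password" },
  { tagName: "INPUT", name: "csrf_token", type: "hidden" },
  { tagName: "BUTTON", name: "", type: "submit" },
];
const modifiedForm = [
  ...servedForm.slice(0, 2),
  { tagName: "INPUT", name: "pin", type: "password" }, // field not sent by the server
  ...servedForm.slice(2),
];

console.log(auditFormFields(servedForm));   // no findings
console.log(auditFormFields(modifiedForm)); // one unexpected-field finding
```

Findings from a check like this are most useful when reported to the server alongside the log-in attempt, where they can feed fraud scoring instead of relying on the user to notice the extra field.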
Payza is a payment platform for e-commerce, corporate disbursements and remittances, which will enable worldwide international payment transfers for individuals and businesses.