Carberp Beating Two Factor Authentication

Posted on

  • email
  • twitter
  • facebook
  • share this

share this

TrustDefender Labs has released an analysis into how the new Trojan Carberp infiltrates websites and highlights the impressive JavaScript injection code used.

Those behind Carberp spent time not just on the configuration file, but also making sure they have a method in place to compromise two factor authentication schemes. The Trojan uses heaviliy dynamic JavaScript hosted on a valid HTTPS website.

Andreas Baumhof, CTO of TrustDefender comments, “The evolution of Trojans such as Carberp highlights how Trojans use complex behaviour to employ intelligent guises and commit fraudulent activity. Financial institutions and enterprises need to provide appropriate security, beyond traditional AV software to reduce the risks of fraudulent activity.”

Login To Comment

Become a Member

Not already a part of our community? Sign up to participate in the discussion. It's free and quick.

Sign Up

Be the first to comment on this article

999 E Touhy Ave
Des Plaines, IL 60018

Toll Free: 1.800.817.1518
International: 1.773.628.2779
Fax: 1.773.272.0920