Shell Game Malware | XTN Cognitive Security

Shell Game Malware

Detect and disrupt cross-bank fraud powered by financial malware

Keep your digital business safe from Shell Game Malware with XTN Cognitive Security®:

  1. Avoid financial loss
  2. Stop reputational damage

Market Overview

Financial malware appeared to be declining due to strong security measures by banks. However, we’re now seeing a rise in more sophisticated attacks, including cross-bank fraud involving both traditional and neobanks. At XTN, we identified a new fraud scheme, which we labeled ‘Shell Game Malware’, inspired by the classic street scam where an object is hidden under one of three cups to mislead the participant into choosing the wrong one. Similarly, fraudsters use this method to move funds between multiple accounts, evading detection. This highlights how fraudsters continue to exploit common vulnerabilities with evolving tactics.

What is it?

Shell Game Malware is a sophisticated fraud technique that exploits vulnerabilities in bank security systems and customers’ devices. Fraudsters use phishing to trick victims into installing a malicious app that gives them control over the device. Once installed, the malware enables fraudulent transfers between the victim’s accounts.

The malware exploits the lack of scrutiny over inter-account transfers between accounts held by the same individual, which are often seen as legitimate and bypass fraud detection. It also takes advantage of weaker fraud controls in neobanks, allowing fraudsters to move and quickly liquidate stolen funds without raising alarms.

How does it work?

Initial Infection: Phishing Attack
The fraudster starts by sending a phishing message that deceives the victim into installing a malicious app. Once running, the malware gives the fraudster full access to the victim’s device, including:
• Access to sensitive personal information (e.g., usernames, passwords, 2FA codes).
• Remote control over the victim’s device, enabling the fraudster to approve transactions or initiate money transfers.

Exploiting Internal Transfers

Once the malware controls the victim’s device, the fraudster initiates a transfer from the victim’s traditional bank account (Bank A) to a neobank account (Bank B) held in the victim’s own name. Transfers between accounts of the same individual receive less scrutiny and pass unnoticed: Bank A’s systems do not flag the transaction because it resembles the victim’s usual behavior and the payee is treated as trusted, which bypasses fraud checks and often qualifies the payment for an exemption from Strong Customer Authentication (SCA). The fraudster can therefore move the funds instantly without raising red flags.

Final Fraudulent Transfer

Once the funds are in the neobank account (Bank B), the fraudster quickly transfers the stolen money to external accounts, cryptocurrency wallets, or other untraceable destinations. Due to weaker security at Bank B, these transactions go undetected. The malware allows the fraudster to bypass security checks, including device possession requirements. In a mobile-only context, the fraudster gains full control over the transaction and SCA (Strong Customer Authentication) steps, enabling them to move the funds without raising alarms and making it harder for authorities to trace the money.
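The three steps above describe a pattern that each bank can look for on its own side of the hop: Bank A sees an outbound “own account” transfer that skipped SCA from a session showing malware indicators, and Bank B sees an inbound self-transfer that is liquidated to never-seen payees within minutes. The following is an added example, written for this page and not XTN’s product code, of how those two checks could be expressed as scoring rules over transfer records. The `Transfer` fields, the device signal names and the transaction data are all constructed for illustration.

```python
"""Shell-game detection sketch (added example, constructed data; not XTN code)."""
from dataclasses import dataclass
from datetime import datetime, timedelta


@dataclass
class Transfer:
    ts: datetime
    bank: str
    holder: str                 # account holder on this bank's side
    direction: str              # "out" = debit from holder, "in" = credit to holder
    counterparty: str           # name on the other side of the transfer
    counterparty_new: bool      # first time the holder uses this counterparty
    amount: float
    sca_exemption: str = ""     # "" when SCA was performed, e.g. "trusted_beneficiary" when skipped
    device_signals: frozenset = frozenset()  # hypothetical session signals from an app-protection SDK


# Hypothetical signal names a protected app could attach to a session (assumption, not a real SDK).
MALWARE_SIGNALS = {"malware_detected", "app_integrity_failed", "behaviour_anomaly", "remote_control"}


def is_self_transfer(t: Transfer) -> bool:
    """The 'own account' case that banks tend to trust: counterparty name equals the holder."""
    return t.counterparty.strip().casefold() == t.holder.strip().casefold()


def score_bank_a_debit(t: Transfer) -> int:
    """Bank A view: outbound self-transfer that skipped SCA, from a session with malware signals."""
    if t.direction != "out" or not is_self_transfer(t):
        return 0
    score = 0
    if t.sca_exemption:            # trusted-payee exemption: no SCA step was performed
        score += 30
    if t.counterparty_new:         # first transfer to this 'own' account at another institution
        score += 20
    score += 25 * len(t.device_signals & MALWARE_SIGNALS)
    return score


def find_liquidations(transfers, window=timedelta(minutes=30), ratio=0.8):
    """Bank B view: inbound self-transfer followed, within `window`, by outflow to new payees
    totalling at least `ratio` of the credit. Returns one alert dict per matching credit."""
    by_key = {}
    for t in sorted(transfers, key=lambda x: x.ts):
        by_key.setdefault((t.bank, t.holder), []).append(t)
    alerts = []
    for (bank, holder), items in by_key.items():
        for i, credit in enumerate(items):
            if credit.direction != "in" or not is_self_transfer(credit):
                continue
            outs = [o for o in items[i + 1:]
                    if o.direction == "out" and o.counterparty_new and o.ts - credit.ts <= window]
            moved = sum(o.amount for o in outs)
            if outs and moved >= ratio * credit.amount:
                signals = set().union(*(o.device_signals for o in outs)) & MALWARE_SIGNALS
                alerts.append({"bank": bank, "holder": holder, "credit": credit.amount,
                               "moved": moved,
                               "minutes": int((outs[-1].ts - credit.ts).total_seconds() // 60),
                               "device_signals": sorted(signals)})
    return alerts


# Constructed sample: one shell-game hop (Maria Rossi) and one benign self top-up (Luca Bianchi).
T0 = datetime(2024, 1, 15, 10, 0)
SAMPLE = [
    # Bank A: 9,500 moved to an account in the victim's own name at a neobank, SCA skipped
    Transfer(T0, "BankA", "Maria Rossi", "out", "Maria Rossi", True, 9500.0,
             "trusted_beneficiary", frozenset({"remote_control", "app_integrity_failed"})),
    # Bank B: the credit arrives...
    Transfer(T0 + timedelta(minutes=2), "BankB", "Maria Rossi", "in", "Maria Rossi", False, 9500.0),
    # ...and is pushed out to two never-seen payees within 20 minutes
    Transfer(T0 + timedelta(minutes=9), "BankB", "Maria Rossi", "out", "Crypto Exchange Ltd", True,
             6000.0, "", frozenset({"remote_control"})),
    Transfer(T0 + timedelta(minutes=20), "BankB", "Maria Rossi", "out", "J. Doe", True,
             3000.0, "", frozenset({"remote_control"})),
    # Benign: a customer tops up their own neobank account and leaves the money there
    Transfer(T0 + timedelta(hours=1), "BankA", "Luca Bianchi", "out", "Luca Bianchi", False, 300.0,
             "trusted_beneficiary"),
    Transfer(T0 + timedelta(hours=1, minutes=3), "BankB", "Luca Bianchi", "in", "Luca Bianchi", False, 300.0),
]

if __name__ == "__main__":
    for t in SAMPLE:
        if t.bank == "BankA":
            print(f"BankA debit {t.holder}: risk score {score_bank_a_debit(t)}")
    for alert in find_liquidations(SAMPLE):
        print("BankB liquidation alert:", alert)
```

The Bank A rule scores the fraudulent debit at 100 (exemption, new payee, two malware signals) against 30 for the benign top-up, so a threshold between the two would have forced step-up authentication before the first hop left Bank A. The Bank B rule flags only Maria Rossi’s credit, because Luca Bianchi’s funds never leave the account. In practice the two signals are strongest when shared: Bank A’s device-risk score attached to the outgoing payment is exactly the context Bank B lacks when the credit arrives.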

Why Target Bank B?

Fraudsters target Bank B due to key vulnerabilities: weaker real-time monitoring, a mobile-first approach that gives full control once the device is compromised, and less scrutiny of international transfers. Neobanks, often operating across Europe, are less likely to flag suspicious activities, providing the perfect environment for moving stolen funds undetected.

The challenge

Financial institutions face significant challenges in preventing sophisticated fraud like Shell Game Malware. Traditional banks often overlook internal transfers, especially those between accounts of the same individual, allowing fraudulent transactions to go undetected. Neobanks, with weaker fraud monitoring and a mobile-first approach, provide an easy environment for malware to bypass security and give fraudsters full control over transactions.

Both types of banks struggle to detect cross-bank fraud, as fraudsters exploit gaps between institutions. Meanwhile, the increasing sophistication of phishing attacks heightens the risk of malware infections, making it harder for banks to protect customers.

No Room for Fraud: XTN’s Proven Defense Against Shell Game Attacks

At XTN, we have successfully neutralized Shell Game Malware and know how to tackle this sophisticated threat. Doing so requires banks to invest in robust app protection solutions that detect and prevent malware on customers’ devices. XTN’s Cognitive Security Platform® provides real-time malware detection that addresses the vulnerabilities of both types of institution, and it integrates with existing fraud detection systems so that malware is detected and both banks and customers are protected.

Key features of XTN’s solution include:

Malware Detection
Advanced algorithms that identify the presence of malicious software during app login or transaction execution, ensuring that threats are detected before they can cause harm.

Behavioral Biometrics
Continuous monitoring of user behavior, such as typing patterns, touch gestures, and device location, to spot anomalies that could indicate fraudulent activity.

App Integrity Checks
Ensuring the bank’s app hasn’t been tampered with or compromised, safeguarding against any changes made by malicious actors.

Real-Time Proactive Alerts
Instantly notifying users and blocking suspicious activity when malware-like behavior is detected, preventing fraud before it occurs.
These capabilities work in tandem with the Strong Customer Authentication (SCA) process to minimize the risk of a single point of failure, ensuring that device security is fully integrated into the bank’s anti-fraud defenses.

Business Risks

Shell Game Malware can impact a digital business through:

• Financial loss
• Reputational damage
• Non-compliance with regulations
