A new targeted malware attack is threatening UK bank customers.
Security firm Trusteer said that it has spotted a malware attack that compromises user credentials by creating a fake bank log-in page and then uses those credentials to perform an "authorised" monetary transfer.
The attack is being spread through multiple infection methods, including web-based exploits and spam email attachments.
Rather than aim to infect numerous systems around the world, however, the company said that the attack is specifically targeting the UK and focusing on very few banks at a time, anywhere from three to seven in a single run.
The UK is not the first country to be targeted for such attacks. Trusteer has spotted similar operations in South Africa and Germany.
Trusteer chief technical officer Amit Klein told V3.co.uk that there could be a number of reasons for the small focus, though one of the chief benefits would be avoiding the "honeypot" threat monitoring systems of larger anti-malware networks.
"If the honeypots catch threats that run globally, you can focus on a small enough region and those traps might miss you," said Klein.
"If you have a smaller distribution the probability that an antivirus vendor will get you on their radar is much smaller."
Additionally, Klein noted that a narrower focus allows the malware writers to specially craft their fraud tools for the unique security protections and procedures of UK banks.
Klein said that his company does not see such attacks disappearing any time soon. Rather, Klein said that targeted malware attacks will become a favoured tactic for criminals looking to compromise bank accounts and avoid security vendors.
"Specialisation allows them to conduct their operation in a smarter, more efficient way," he explained.
"If they really want to succeed they need to focus on fewer banks."