Security experts have warned banks and their customers to be on their guard after discovering a new Trojan designed to hijack online sessions and keep them open after users believe they have logged off.
The OddJob Trojan was discovered by security firm Trusteer, and is designed to siphon off funds from online bank accounts. The malware features several interesting elements which make it particularly noteworthy.
For example, it is able to intercept communications through the browser, allowing it to steal, inject or terminate user sessions. It can also perform different actions on certain web sites depending on its configuration.
Trusteer chief technology officer Amit Klein wrote in a blog post that OddJob can hijack the session ID token used by banks to authenticate users, allowing hackers to impersonate a legitimate customer.
OddJob also allows hackers to bypass the log-out request that would terminate an online session, meaning that they can stay logged in while the user believes the session has ended.
"The most interesting aspect of this malware is that it appears to be a work in progress, as we have seen differences in hooked functions in recent days and weeks, as well as the way the command and control protocols operate," wrote Klein.
"We believe that these functions and protocols will continue to evolve in the near future, and that our analysis of the malware's functionality may not be 100 per cent complete as the code writers continue to refine it."
OddJob has been spotted so far in the UK, US, Poland and other countries.
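A server-side check for the session behaviour described above, as an added example that is not from Trusteer or the article: it flags a session token that shows up from a second client, is used after a log-out, or is still in use after an idle limit that should have expired it. The log format, field names, paths and the 10-minute limit are assumptions, and the sample events are constructed.

```python
from datetime import datetime, timedelta

IDLE_LIMIT = timedelta(minutes=10)  # assumed policy value, not from the article

# Constructed sample log: (time, session_id, client_ip, user_agent, path)
EVENTS = [
    ("2024-01-01T09:00:00", "s-1001", "198.51.100.7", "UA-A", "/login"),
    ("2024-01-01T09:03:10", "s-1001", "198.51.100.7", "UA-A", "/accounts"),
    ("2024-01-01T09:04:00", "s-1001", "203.0.113.50", "UA-B", "/transfer"),
    ("2024-01-01T09:00:30", "s-1002", "192.0.2.15", "UA-C", "/login"),
    ("2024-01-01T09:05:00", "s-1002", "192.0.2.15", "UA-C", "/logout"),
    ("2024-01-01T09:01:00", "s-1003", "192.0.2.44", "UA-D", "/login"),
    ("2024-01-01T09:02:00", "s-1003", "192.0.2.44", "UA-D", "/accounts"),
    ("2024-01-01T09:40:00", "s-1003", "192.0.2.44", "UA-D", "/transfer"),
]


def find_suspect_sessions(events, idle_limit=IDLE_LIMIT):
    """Return {session_id: [reasons]} for sessions showing signs of token reuse."""
    state, findings = {}, {}
    for ts, sid, ip, ua, path in sorted(events):  # ISO timestamps sort in time order
        now, client = datetime.fromisoformat(ts), (ip, ua)
        # First sighting of a token records the client it was issued to.
        s = state.setdefault(sid, {"client": client, "last": now, "closed": False})
        reasons = findings.setdefault(sid, [])
        checks = [
            # Token presented again after the server processed a log-out.
            ("used-after-logout", s["closed"]),
            # Same token, different IP or User-Agent than the one that logged in.
            ("client-changed", client != s["client"]),
            # A suppressed log-out never reaches the server, so an idle limit
            # is the control that ends the session; activity past it is flagged.
            ("idle-limit-exceeded", now - s["last"] > idle_limit),
        ]
        reasons.extend(r for r, hit in checks if hit and r not in reasons)
        s["last"] = now
        s["closed"] = s["closed"] or path == "/logout"
    return {sid: r for sid, r in findings.items() if r}


if __name__ == "__main__":
    for sid, reasons in find_suspect_sessions(EVENTS).items():
        print(sid, ", ".join(reasons))
```

The client comparison only helps when the stolen token is replayed from a different machine; activity injected through the victim's own browser keeps the same IP and User-Agent and needs other controls.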