
Mysterious Luuuk Trojan stole over $680,000 in just a week, then disappeared

Published Jun 25th, 2014 10:45PM EDT


Luuuk is the name of a mysterious Trojan that was discovered in early 2014 after having allowed its creators to steal more than €500,000, or about $680,000, in just seven days by performing “Man-in-the-Browser” attacks. Kaspersky found the threat on January 20th, and it affected 190 customers of an unnamed bank that operates in Italy and Turkey.

The Luuuk Trojan obtained online banking login credentials from victims using a malicious web injection, which allowed the program to steal usernames, passwords and one-time password (OTP) codes in real time.

Then, the malware would automatically check the existing balance and perform several malicious transactions “probably operating in the background of a legitimate banking session.” The money would then be transferred to mule accounts. According to the report, Luuuk stole between €1,700 and €39,000 from each bank account accessed.

Interestingly, the organization in charge of Luuuk set up an advanced mule infrastructure with various transfer caps in order to minimize the risk of a person in the network fleeing with the received money.
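The pattern described above, where many compromised accounts each send a mid-sized transfer to a small set of mule accounts within a few days, is something a bank can look for on its own transaction ledger. The following script is an added illustration written for this article, not code from Kaspersky or from the Luuuk campaign: it runs over a constructed set of transfer records (the customer ids, beneficiary ids, timestamps and amounts are invented), keeps only transfers inside the per-victim range the report gives (€1,700 to €39,000), and flags any beneficiary that receives from at least three distinct customers within a seven-day window. The thresholds are assumptions chosen for the example.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample ledger (not real data): (timestamp, source customer,
# beneficiary account, amount in EUR). "ben-A" plays the role of a mule
# account collecting from several victims; "ben-B" and "ben-C" are benign.
TRANSFERS = [
    ("2014-01-14T10:00:00", "cust-001", "ben-A", 2100.0),
    ("2014-01-16T12:30:00", "cust-002", "ben-A", 8500.0),
    ("2014-01-19T09:15:00", "cust-003", "ben-A", 15000.0),
    ("2014-01-20T18:45:00", "cust-004", "ben-A", 3900.0),
    ("2014-01-18T13:00:00", "cust-008", "ben-A", 45.0),     # below band, ignored
    ("2014-01-15T11:00:00", "cust-005", "ben-B", 2500.0),
    ("2014-01-17T14:00:00", "cust-006", "ben-B", 4200.0),
    ("2014-01-10T08:00:00", "cust-007", "ben-C", 3000.0),   # recurring payment,
    ("2014-01-17T08:00:00", "cust-007", "ben-C", 3000.0),   # single sender
    ("2014-01-24T08:00:00", "cust-007", "ben-C", 3000.0),
]

# Per-victim amount range reported for the campaign (EUR).
AMOUNT_BAND = (1700.0, 39000.0)


def find_mule_candidates(transfers, window=timedelta(days=7),
                         min_victims=3, amount_band=AMOUNT_BAND):
    """Return {beneficiary: sorted distinct senders} for every beneficiary
    that receives in-band transfers from at least `min_victims` distinct
    customers inside any `window`-long span.  Thresholds are assumptions."""
    lo, hi = amount_band
    by_beneficiary = defaultdict(list)
    for ts, src, dst, amount in transfers:
        if lo <= amount <= hi:
            by_beneficiary[dst].append((datetime.fromisoformat(ts), src))

    flagged = {}
    for dst, events in by_beneficiary.items():
        events.sort()
        best = set()
        start = 0
        # Sliding window over time-ordered events; track the largest set of
        # distinct senders seen inside any window.
        for end in range(len(events)):
            while events[end][0] - events[start][0] > window:
                start += 1
            senders = {src for _, src in events[start:end + 1]}
            if len(senders) > len(best):
                best = senders
        if len(best) >= min_victims:
            flagged[dst] = sorted(best)
    return flagged


def total_received(transfers, beneficiary):
    """Sum of all amounts sent to `beneficiary`; useful for sizing the exposure
    behind a flagged account."""
    return sum(a for _, _, dst, a in transfers if dst == beneficiary)


if __name__ == "__main__":
    for dst, senders in find_mule_candidates(TRANSFERS).items():
        print(f"{dst}: {len(senders)} distinct senders, "
              f"EUR {total_received(TRANSFERS, dst):,.2f} received -> {senders}")
```

On the constructed ledger only `ben-A` is flagged: it collects from four different customers within six days, whereas `ben-B` has two senders and `ben-C` is one customer's recurring payment. In practice the distinct-sender threshold and the amount band would be tuned against the bank's own history, and a transfer cap per mule (as the report says the operators used) would show up as beneficiaries whose totals stop growing just under a round figure.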

Kaspersky only analyzed the server side of the Luuuk operation, and was not able to obtain the malicious code that ran on the victims' machines, or the infection vector.

“On the C&C server we detected, there was no information as to which specific malware program was used in this campaign,” Kaspersky Labs principal security researcher Vicente Diaz said. “However, many existing Zeus variations, including Citadel, SpyEye, and IceIX, have that necessary capability. We believe the malware used in this campaign could be a Zeus flavour using sophisticated web injects on the victims.”

The hackers took down the command server on January 22, two days after the investigation started, but that’s likely an infrastructure change rather than a complete shutdown.

Chris Smith Senior Writer
