But, there is still one more obstacle in the way of the malware – to complete the transaction a One Time Password (OTP) must be entered by the user.
Trusteer said the malware’s authors have moved to further hide the malware from its intended victims, by making it alter the bank’s FAQ to make it seem as if the bogus messages are entirely legitimate. Anticipating that some suspicious users may reference the bank’s FAQ page, Ramnit authors took the extra step of altering the FAQ section to fit the new process,” said the spokesman.
“By changing multiple entries in the FAQ section Ramnit demonstrates that its authors did not leave anything to chance – even if the victim decides to go the extra step, Ramnit is already there.”
Link: http://www.v3.co.uk/v3-uk/news/2264999/ramnit-sleeping-malware-targets-uk-financial-sector