Trojan nasties raid passwords – Malware – Breaking Business and Technology News at silicon.com
For more info click on above link

Two Trojan horses with distinctive traits have been flagged by security researchers: one that hijacks one-time-use passwords, and another that hides behind a rootkit.

The unrelated malicious programs, reported last week by security companies, represent new twists thought up by hackers in their development of Trojan horses, which are harmful programs disguised to look like innocent software.

Banks in Germany, Spain and the UK have been targeted by MetaFisher, otherwise known as Spy-Agent and PWS. After infecting a computer, the Trojan horse waits until the user visits a legitimate bank website, then injects malicious HTML into certain fields there. The program then hijacks one-time-use PINs and transaction numbers as the person enters them into the fields.

As a result, those one-time PINs and transaction numbers are never logged onto the website and they remain valid, said Ramses Martinez, a director at security company iDefense. The intruders then probably store the data either for their own use or sell it on to others, he added.