SpyEye is a

malware Malware (a portmanteau for ''malicious software'') is any software intentionally designed to cause disruption to a computer, server, client, or computer network, leak private information, gain unauthorized access to information or systems, depri ...

program that attacks users running

Google Chrome Google Chrome is a cross-platform web browser developed by Google. It was first released in 2008 for Microsoft Windows, built with free software components from Apple WebKit and Mozilla Firefox. Versions were later released for Linux, macOS ...

Opera Opera is a form of theatre in which music is a fundamental component and dramatic roles are taken by singers. Such a "work" (the literal translation of the Italian word "opera") is typically a collaboration between a composer and a librett ...

Firefox Mozilla Firefox, or simply Firefox, is a free and open-source web browser developed by the Mozilla Foundation and its subsidiary, the Mozilla Corporation. It uses the Gecko rendering engine to display web pages, which implements current and ...

and

Internet Explorer Internet Explorer (formerly Microsoft Internet Explorer and Windows Internet Explorer, commonly abbreviated IE or MSIE) is a series of graphical user interface, graphical web browsers developed by Microsoft which was used in the Microsoft Wind ...

Microsoft Windows Windows is a group of several proprietary graphical operating system families developed and marketed by Microsoft. Each family caters to a certain sector of the computing industry. For example, Windows NT for consumers, Windows Server for serv ...

operating systems. This malware uses

keystroke logging Keystroke logging, often referred to as keylogging or keyboard capturing, is the action of recording (logging) the keys struck on a keyboard, typically covertly, so that a person using the keyboard is unaware that their actions are being monitored ...

and

form grabbing Form grabbing is a form of malware that works by retrieving authorization and log-in credentials from a web data form before it is passed over the Internet to a secure server. This allows the malware to avoid HTTPS encryption. This method is more e ...

to steal user credentials for malicious use. SpyEye allows hackers to steal money from online bank accounts and initiate transactions even while valid users are logged into their bank account. SpyEye has the ability to insert new fields and alter existing fields when a compromised user's browser displays a web page, allowing it to prompt for

user names A user is a person who utilizes a computer or network service. A user often has a user account and is identified to the system by a username (or user name). Other terms for username include login name, screenname (or screen name), account ...

passwords A password, sometimes called a passcode (for example in Apple devices), is secret data, typically a string of characters, usually used to confirm a user's identity. Traditionally, passwords were expected to be memorized, but the large number of ...

, or card numbers, thereby giving hackers information that allows them to steal money without account holders ever noticing. It can save the user's false balance (with fraudulent transactions hidden) so that the next time the user logs in, the fraudulent transactions and real balance are not displayed in the user's browser (though the bank still sees the fraudulent transactions.) SpyEye emanated from

Russia Russia (, , ), or the Russian Federation, is a List of transcontinental countries, transcontinental country spanning Eastern Europe and North Asia, Northern Asia. It is the List of countries and dependencies by area, largest country in the ...

in 2009 and was sold in underground forums for $500+ in which SpyEye advertised features such as keyloggers, auto-fill credit card modules,

email Electronic mail (email or e-mail) is a method of exchanging messages ("mail") between people using electronic devices. Email was thus conceived as the electronic ( digital) version of, or counterpart to, mail, at a time when "mail" meant ...

backups, config files (

encrypted In cryptography, encryption is the process of encoding information. This process converts the original representation of the information, known as plaintext, into an alternative form known as ciphertext. Ideally, only authorized parties can decip ...

), Zeus killer,

HTTP The Hypertext Transfer Protocol (HTTP) is an application layer protocol in the Internet protocol suite model for distributed, collaborative, hypermedia information systems. HTTP is the foundation of data communication for the World Wide Web, ...

access,

POP3 In computing, the Post Office Protocol (POP) is an application-layer Internet standard protocol used by e-mail clients to retrieve e-mail from a mail server. POP version 3 (POP3) is the version in common use, and along with IMAP the most common p ...

grabbers and

FTP The File Transfer Protocol (FTP) is a standard communication protocol used for the transfer of computer files from a server to a client on a computer network. FTP is built on a client–server model architecture using separate control and data ...

grabbers. Target users and institutions in the

United States The United States of America (U.S.A. or USA), commonly known as the United States (U.S. or US) or America, is a country primarily located in North America. It consists of 50 states, a federal district, five major unincorporated territorie ...

United Kingdom The United Kingdom of Great Britain and Northern Ireland, commonly known as the United Kingdom (UK) or Britain, is a country in Europe, off the north-western coast of the continental mainland. It comprises England, Scotland, Wales and North ...

Mexico Mexico (Spanish: México), officially the United Mexican States, is a country in the southern portion of North America. It is bordered to the north by the United States; to the south and west by the Pacific Ocean; to the southeast by Guatema ...

Canada Canada is a country in North America. Its ten provinces and three territories extend from the Atlantic Ocean to the Pacific Ocean and northward into the Arctic Ocean, covering over , making it the world's second-largest country by tot ...

and

India India, officially the Republic of India (Hindi: ), is a country in South Asia. It is the seventh-largest country by area, the second-most populous country, and the most populous democracy in the world. Bounded by the Indian Ocean on the so ...

were the largest victims of SpyEye; the United States made up 97% of the institutions that fell victim of this malware.

Authors of SpyEye

It is believed that the creator of

Zeus Zeus or , , ; grc, Δῐός, ''Diós'', label=Genitive case, genitive Aeolic Greek, Boeotian Aeolic and Doric Greek#Laconian, Laconian grc-dor, Δεύς, Deús ; grc, Δέος, ''Déos'', label=Genitive case, genitive el, Δίας, ''D� ...

said that he was retiring and had given the

source code In computing, source code, or simply code, is any collection of code, with or without comments, written using a human-readable programming language, usually as plain text. The source code of a program is specially designed to facilitate the wo ...

and rights to sell Zeus to his biggest competitor, the creator of the SpyEye trojan; those same experts warned the retirement was a ruse and expect the developer to return with new tricks. In 2016, Aleksandr Andreevich Panin, author of SpyEye, was arrested and sentenced to nine years and six months in prison.

Hamza Bendelladj Hamza Bendelladj ( ar, حمزة بن دلاج, Ḥamza bin Dalāj , th, แฮมซา เบ็นดิลลาดจ์, Haemsa Bendinlat), born either in 1988 or in 1989 in Tizi Ouzou, is an Algerian cyber-criminal and a carder who goes by th ...

, co-author of SpyEye, was arrested and also sentenced to prison for 15 years years; both men were charged for stealing hundreds of millions of dollars from banks all around the world.

Authors of SpyEye

References

See also