SpyEye is a

malware Malware (a portmanteau of ''malicious software'')Tahir, R. (2018)A study on malware and malware detection techniques . ''International Journal of Education and Management Engineering'', ''8''(2), 20. is any software intentionally designed to caus ...

program that attacks users running

Google Chrome Google Chrome is a web browser developed by Google. It was first released in 2008 for Microsoft Windows, built with free software components from Apple WebKit and Mozilla Firefox. Versions were later released for Linux, macOS, iOS, iPadOS, an ...

Safari A safari (; originally ) is an overland journey to observe wildlife, wild animals, especially in East Africa. The so-called big five game, "Big Five" game animals of Africa – lion, African leopard, leopard, rhinoceros, African elephant, elep ...

Opera Opera is a form of History of theatre#European theatre, Western theatre in which music is a fundamental component and dramatic roles are taken by Singing, singers. Such a "work" (the literal translation of the Italian word "opera") is typically ...

Firefox Mozilla Firefox, or simply Firefox, is a free and open-source web browser developed by the Mozilla Foundation and its subsidiary, the Mozilla Corporation. It uses the Gecko rendering engine to display web pages, which implements curr ...

and

Internet Explorer Internet Explorer (formerly Microsoft Internet Explorer and Windows Internet Explorer, commonly abbreviated as IE or MSIE) is a deprecation, retired series of graphical user interface, graphical web browsers developed by Microsoft that were u ...

Microsoft Windows Windows is a Product lining, product line of Proprietary software, proprietary graphical user interface, graphical operating systems developed and marketed by Microsoft. It is grouped into families and subfamilies that cater to particular sec ...

operating systems. This malware uses

keystroke logging Keystroke logging, often referred to as keylogging or keyboard capturing, is the action of recording (logging) the keys struck on a keyboard, typically covertly, so that a person using the keyboard is unaware that their actions are being monitore ...

and form grabbing to steal user credentials for malicious use. SpyEye allows hackers to steal money from online bank accounts and initiate transactions even while valid users are logged into their bank account SpyEye has the ability to insert new fields and alter existing fields when a compromised user's browser displays a web page, allowing it to prompt for user names, passwords, or card numbers, thereby giving hackers information that allows them to steal money without account holders ever noticing. It can save the user's false balance (with fraudulent transactions hidden) so that the next time the user logs in, the fraudulent transactions and real balance are not displayed in the user's browser (though the bank still sees the fraudulent transactions.) SpyEye emanated from

Russia Russia, or the Russian Federation, is a country spanning Eastern Europe and North Asia. It is the list of countries and dependencies by area, largest country in the world, and extends across Time in Russia, eleven time zones, sharing Borders ...

in 2009 and was sold in underground forums for $500+ in which SpyEye advertised features such as keyloggers, auto-fill credit card modules,

email Electronic mail (usually shortened to email; alternatively hyphenated e-mail) is a method of transmitting and receiving Digital media, digital messages using electronics, electronic devices over a computer network. It was conceived in the ...

backups, config files (

encrypted In cryptography, encryption (more specifically, encoding) is the process of transforming information in a way that, ideally, only authorized parties can decode. This process converts the original representation of the information, known as plain ...

), Zeus killer,

HTTP HTTP (Hypertext Transfer Protocol) is an application layer protocol in the Internet protocol suite model for distributed, collaborative, hypermedia information systems. HTTP is the foundation of data communication for the World Wide Web, wher ...

access,

POP3 In computing, the Post Office Protocol (POP) is an application-layer Internet standard protocol used by e-mail clients to retrieve e-mail from a mail server. Today, POP version 3 (POP3) is the most commonly used version. Together with IMAP, i ...

grabbers and

FTP The File Transfer Protocol (FTP) is a standard communication protocol used for the transfer of computer files from a server to a client on a computer network. FTP is built on a client–server model architecture using separate control and dat ...

grabbers. Target users and institutions in the

United States The United States of America (USA), also known as the United States (U.S.) or America, is a country primarily located in North America. It is a federal republic of 50 U.S. state, states and a federal capital district, Washington, D.C. The 48 ...

United Kingdom The United Kingdom of Great Britain and Northern Ireland, commonly known as the United Kingdom (UK) or Britain, is a country in Northwestern Europe, off the coast of European mainland, the continental mainland. It comprises England, Scotlan ...

Mexico Mexico, officially the United Mexican States, is a country in North America. It is the northernmost country in Latin America, and borders the United States to the north, and Guatemala and Belize to the southeast; while having maritime boundar ...

Canada Canada is a country in North America. Its Provinces and territories of Canada, ten provinces and three territories extend from the Atlantic Ocean to the Pacific Ocean and northward into the Arctic Ocean, making it the world's List of coun ...

and

India India, officially the Republic of India, is a country in South Asia. It is the List of countries and dependencies by area, seventh-largest country by area; the List of countries by population (United Nations), most populous country since ...

were the largest victims of SpyEye; the United States made up 97% of the institutions that fell victim of this malware.

Authors of SpyEye

It is believed that the creator of

Zeus Zeus (, ) is the chief deity of the List of Greek deities, Greek pantheon. He is a sky father, sky and thunder god in ancient Greek religion and Greek mythology, mythology, who rules as king of the gods on Mount Olympus. Zeus is the child ...

said that he was retiring and had given the

source code In computing, source code, or simply code or source, is a plain text computer program written in a programming language. A programmer writes the human readable source code to control the behavior of a computer. Since a computer, at base, only ...

and rights to sell Zeus to his biggest competitor, the creator of the SpyEye trojan; those same experts warned the retirement was a ruse and expect the developer to return with new tricks. In 2016, Alexander Andreevich Panin (aliases “Gribodemon” and “Harderman”), the author of SpyEye, was arrested and pleaded guilty to conspiracy to commit bank and wire fraud as part of a plea deal with the prosecutor's office. He was sentenced to nine years and six months in prison. Hamza Bendelladj (alias “Bx1”), co-author of SpyEye, was arrested at the same time as Panin. He was sentenced to 15 years in prison for selling versions of SpyEye online and using malware to steal financial information. Both men were accused of using SpyEye to infect more than 50 million computers and causing nearly $1 billion in damage to individuals and financial institutions around the world.

References

{{Hacking in the 2010s Windows trojans

Authors of SpyEye

See also

References