Policy Observatory

There is an increase in use of complex crimeware that gathers the passwords of online customers at specific banks and automatically transfer funds out of their accounts, according to Akamai’s security group. The surge is being aided by a tool called Yummba webinject, which generates pop-ups – injects - during legitimate banking sessions that ask for usernames and passwords. The phony dialog boxes mimic the look and feel of the genuine bank Web pages with logos, colors and fonts used on the legitimate site.