A new iteration of the Citadel financial malware has been reported to be targeting Payza online payment users, reports PCWorld. The malware is passed through a local in-browser attack that takes users' credentials. Payza services are similar to PayPal, except they have a large concentration in emerging markets. The new Citadel variant was discovered by Trusteer researchers.
A Trusteer researcher, Etay Maor, reported, "The Payza transaction PIN is used every time a user wants to send funds, add funds, withdraw funds or make a payment. By obtaining the victim's email, password and PIN number, a cybercriminal can take over the account and commit fraudulent transactions."
Researchers also said there are increased security concerns in regards to using online financial services in public areas in developing countries. Users should not be using public computers in Internet cafes or other areas with poor online security standards.