Banking Trojans Continue to Lurk Beneath the Surface

No one likes having a stranger look over their shoulder when withdrawing money from a public ATM, so how much less would you want that stranger watching as you carry out online banking in the privacy of your own home?

Although banks have taken measures to strengthen the security of their authentication processes, banking Trojans are still being developed to infect online banking users everywhere.


What is a Banking Trojan?

Like other forms of Trojan malware, banking Trojans find their way onto a user’s machine disguised as a legitimate piece of software that tricks the victim into downloading it, and by then it is too late. Once installed, the Trojan allows the attacker to access the computer’s files and systems and to monitor and manipulate activities carried out on the infected computer.

When it comes to looking over the user’s shoulder in order to steal from their account, the Trojan gives the attacker several ways to do so:

  1. Key Logging: By monitoring each keystroke the user makes, the attacker learns the user’s login details for their online bank account and can then log in themselves at a later date.
  2. Web Redirects: The Trojan can redirect the user to a malicious landing page so instead of the user logging into their bank’s website they are redirected and asked to log in to the attacker’s lookalike banking site.
  3. Web Injections: Once the Trojan is installed, it could inject additional fields into the bank’s legitimate login page and send the inputted information to the attacker for them to then log in as the user at a later date.

‘Karius,’ a new Banking Trojan currently under development and recently discovered by the Check Point Research team, plans to steal users’ credentials via the third of the above methods, Web Injections. Although no particular bank has yet been specified by the malware, the research illustrates the evolution of how Banking Trojans are put together, often by using code from existing Trojans such as Ramnit, VawTrak and TrickBot which have already infected thousands of machines in the wild.

So with Banking Trojans still posing a threat to online bankers worldwide, how can you protect yourself against the risk of an online bank robbery?

Last year Check Point teamed up with Europol’s European Cybercrime Centre (EC3) to produce a detailed report, Banking Trojans: from Stone Age to Space Era, which shows how the threat has evolved from its earliest days to the current trends in the fifth generation threat landscape. It also covers how criminals use the malware, and launder the money they steal.

In the meantime, these are the steps we strongly recommend all users take to protect themselves against banking Trojans:

  • Be cautious when opening emails, even when they appear to come from trusted sources, and don’t run macros in Microsoft Office files.
  • Have a comprehensive, up-to-date security solution – High-quality security solutions and products protect you from a variety of malware types and attack vectors. Check Point SandBlast Zero-Day Protection efficiently detects and blocks banking Trojan samples, and extracts malicious content from files delivered by spam and phishing campaigns.
  • Be alert for “weird” behavior of banking and financial services websites – Pay attention to extra login fields you weren’t used to seeing in the past (especially for personal data or things that the bank is not supposed to ask for), changes in the login page design, and any tiny flaws noticeable in the website display.
  • Install mobile applications, and especially bank applications, only from known and trusted sources such as Google Play and Apple’s app store. This will not guarantee that you do not download malicious apps, but will protect you from most threats.
  • Back up your most important files – Make an offline copy of your files on an external device and an online copy on a cloud storage service. Common banking Trojans today follow the info-stealing phase by deploying other malware, including ransomware, which can hold your files hostage until you pay.
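The "extra login fields" check above can be automated against a saved copy of the rendered login page, which is where a web injection shows up. The following is an added example, not code from Check Point or from the Karius research; the URL, field names and HTML samples are constructed, and the baseline field set is assumed to have been recorded from a known-clean session.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

class FormAudit(HTMLParser):
    """Collect every input field name and every form action on a page."""
    def __init__(self):
        super().__init__()
        self.fields, self.actions = set(), []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            self.actions.append(a.get("action") or "")
        elif tag in ("input", "select", "textarea"):
            # Injected fields may sit outside any <form>, so count them page-wide.
            self.fields.add(a.get("name") or a.get("id") or "<unnamed>")

def audit_login_page(html, page_url, expected_fields):
    """Return findings for fields or form targets the clean baseline lacks."""
    parser = FormAudit()
    parser.feed(html)
    findings = [("unexpected_field", name)
                for name in sorted(parser.fields - set(expected_fields))]
    origin = urlsplit(page_url)[:2]              # (scheme, host)
    for action in parser.actions:
        target = urljoin(page_url, action)       # resolve relative actions
        if urlsplit(target)[:2] != origin:
            findings.append(("cross_origin_action", target))
    return findings

# Constructed sample data (hypothetical bank URL and field names).
PAGE_URL = "https://bank.example/login"
BASELINE_FIELDS = {"username", "password", "csrf_token"}
CLEAN = ('<form action="/login" method="post">'
         '<input name="username"><input name="password" type="password">'
         '<input type="hidden" name="csrf_token" value="x"></form>')
# Same page as seen on an infected machine: two fields the bank never asks for.
INJECTED = CLEAN.replace(
    "</form>", '<input name="card_pin"><input name="mothers_maiden_name"></form>')
# Lookalike form posting to another origin (reserved .invalid placeholder host).
OFF_ORIGIN = CLEAN.replace('action="/login"',
                           'action="https://collector.invalid/submit"')

if __name__ == "__main__":
    for label, page in (("clean", CLEAN), ("injected", INJECTED),
                        ("off-origin", OFF_ORIGIN)):
        print(label, audit_login_page(page, PAGE_URL, BASELINE_FIELDS))
```

An empty result only means the field set and form targets match the baseline; it does not cover script-level tampering on the page.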

To stay safe, users should implement advanced protections capable of dynamic analysis. Check Point SandBlast Agent with Zero Phishing technology protects against Banking Trojans.