Denis Makrushin, a security expert at Kaspersky Lab. has published findings – “Financial malware are still active and developing rapidly. New banking Trojans have significantly extended their functionality by adding new modules, such as ransomware. If criminals do not succeed in stealing users’ personal data, they will encrypt it and demand a ransom. Another example is the Neurevt Trojan family. This malware was used not only to steal data in online banking systems, but also to send out spam”
Interestingly some of these new Trojans have cross OS capabilities and can potentially run and infect any computer or operating system including windows, Apple Mac, Android and Linux.
These Trojans also have the ability to infect the User via a variety of methods through browser / OS vulnerabilities. Infection points obviously still occur from compromised websites and servers that the User navigate too. Also we are seeing malware being delivered by various financial themed emails – phishing based emails. These emails are specific to the intended victims containing financial and bank brands with a social engineered call to action. The result is an infected user with targeted malware that disregards OS / device types and end point security scanning.
Users should pay particular attention to using effective and update endpoint security software regardless of OS and device type – yes including Android security. Users also need to be continuously educated to phishing type emails and other web attacks via infected sites.
Banking organisations should be running their protection services in parallel to the User and adopting a layered approach across the end user transactions and internet banking web applications.
New Financial malware – banking Trojans – are increasing in functionality with new families and variants responsible for fraud losses.
There has been a number of reports from our Security vendor partners, plus iZOOlabs analysis, where we are observing a recent upshift in attacks. iZOOlogic clients in disparate countries from the UK to Turkey have been targeted.
The number of new malware variants have recently grown – it has been widely published and noted that collaboration between cybercrimal elements and malware authors is occurring.