Online banking allows you to do bank transactions without having to physically visit a bank. Even conventional paper trade bankers have embraced this style of money management since online banking platforms have made it so simple.
However, there are risks linked to online banking. Even though they provide ease and convenience, online banking platforms have provided fraudsters and hackers with numerous new routes to loot from unsuspecting clients. Furthermore, cybercriminals have taken matters one step further by employing banking malware, notably banking Trojans, which are reaching new and worrying levels of complexity. Attackers are constantly developing new variants that are released into the open in order to evade detection by security solutions on consumer devices.
As a general rule, we’ve always suggested hosting your main bank website with a vendor like us, separate from your online banking vendor. That way, if your online banking service is ever interrupted, the regular website of your bank hosted with us gives you the capability to communicate with your members. And with our BankSite™ Builder content management system, you can log into your website from anywhere, anytime to post a message to your members about an online banking service interruption. Now that’s forward-thinking.
What Are Banking Trojans?
A Trojan is a sort of harmful code or software that appears to be genuine while having the ability to take control of clients’ devices, such as cell phones, PCs, or laptops. It is intended to corrupt, disrupt, or steal sensitive data. It is an app on smartphones that discreetly executes various acts that impact personal or confidential information saved on the device as well as taking control of the device. In 2021, more than 95,000 new mobile banking Trojans were found, according to Russian antivirus firm Kaspersky.
Active and Notable Trojan Banking Malware Families
Banking malware families, as well as strains within those families, are continually developing. The list that follows is not exhaustive of all banking trojans, however, it does cover some of the most dangerous banking trojan families seen since 2007.
Zeus
Zeus, often known as ZBOT, is the most common banking malware. It was first observed in 2007 stealing user credentials, changing webpage forms, and sending users to bogus sites (among other things), and has since evolved. Zeus was widely distributed on the Internet until 2010, when its author apparently “retired” and vended the source code to the SpyEye developer, another family of banking trojans, according to Kaspersky Lab.
Zeus is a well-known Trojan that infects Windows users and attempts to retrieve sensitive information from compromised machines. It also attempts to obtain configuration files and updates from the Internet once installed.
Gozi
Gozi, also known as Ursnif, is an early banking trojan. Simply said, Gozi scams users into performing financial transactions in accounts that do not belong to them. It has been around since 2007 and has caused millions of dollars in harm as one of the first banking trojans. The Gozi source code was leaked in 2010, resulting in the development of various variants of the malware. Gozi shows no signs of slowing down and is regarded as one of the most hazardous banking trojan malware components.
SpyEye
SpyEye, which was first discovered in the wild in 2009, targeted Windows users operating some of the most popular online browsers. To steal users’ credentials, it tracked keystrokes and employed form-grabbing techniques. It sought to target and eliminate the competing malware, Zeus, in addition to being a financial trojan in its own right. SpyEye’s toolkit originally had a “kill Zeus” capability that claimed to delete Zeus from an already infected PC. SpyEye was never as widely distributed as Zeus, despite having many of the same characteristics.
DanaBot
DanaBot, one of the more recent banking trojans, initially appeared in 2018, targeting the Australian market, but has been detected targeting European banks and email providers since it first appeared in the wild. DanaBot, like many other banking trojans, has recently altered its focus away from solely targeting financial institutions for a variety of reasons. Because users frequently exchange passwords across platforms, many hackers still find compromised credentials helpful.
TrickBot
In 2016, F5 Labs identified TrickBot as a pure banking trojan aimed at the financial services industry. It is often distributed by harmful spam emails, targets victims’ financial information, and functions as a malware dropper for other programs. It can harvest credentials, spread laterally over a network, and conduct reconnaissance. It swiftly expanded its focus beyond banks in Australia, the United Kingdom, and Canada to include banks in Germany. Trickbot has received some technological enhancements, including the ability to obtain remote application credentials. Trickbot’s developers are still active, and businesses should be aware that this malware is still a threat.
Panda
Panda was discovered for the first time in Brazil in 2016, during the Olympic Games. Panda employs several of Zeus’s classic techniques, such as man-in-the-browser (MITB) attacks and keylogging, but distinguishes itself by its improved stealth capabilities. This has made malware analysis more challenging. Panda was able to discover 23 forensic analytic tools as of 2017, and it is probable that it currently finds even more. Panda is still active; its stealth characteristics distinguish it as a separate malware family that continues to evade anti-virus software.
Kronos
Kronos virus was first found in 2014 in a Russian underground forum. Kronos positioned itself as one of the most complex trojans, and numerous malware researchers stated that its author(s) definitely knew what they were doing. Kronos, unlike many other banking trojans, did not die with the arrest of a suspected key author. Kronos resurfaced in July 2018 with three independent efforts aimed at Germany, Japan, and Poland.
Carberp
Carberp, a 2009 banking trojan, functions similarly to many other banking trojans by monitoring keystrokes, impersonating webpages, and hiding versions of itself in certain areas. Its goal was to steal banking information. The accused leader of the Carbanak criminal organization was apprehended in 2018. Carberp has kept silent since then, while still remaining a threat.
Bizzaro
Bizzaro is a new banking Trojan spreading in Europe and vast areas of South America, seeking to steal customer financial information and mobile crypto wallets. Although many victims of this financial Trojan are from Italy, France, Spain, and Portugal, it is believed that Bizzaro developed in Brazil. Working through malicious links in spam emails or through a trojanized program, this software will not only acquire personal login details via keyboard loggers, but also control the victim’s crypto wallet.
Citadel
Citadel, a Zeus variant discovered in 2011, primarily targeted credentials stored in password managers utilizing its keylogging capabilities. Citadel was particularly active from 2012 to 2014. Prosecutors said in 2017 that Citadel had infected over 11 million devices. Citadel news has slowed since 2017, but like many other banking trojans that have resurfaced, remains an ongoing concern.
Having these different types of banking malware in mind it’s important to point out that every bank website has to increase its online security and protect it from hackers. By doing so, its customers will also feel confident using its services.
