Cyber criminals go for the money as banking trojans rise in August

Published on: 20 Sep 2017

Banking trojans were extensively used by cyber criminals throughout August.

This is according to Check Point Software’s latest Global Threat Impact Index, which featured three banking-focused trojans Zeus, Ramnit and Trickbot in its top ten.

These trojans work by identifying when the victim is visiting a banking website, and then using keylogging or webinjects to harvest basic login credentials or more sensitive information such as PIN numbers.

Alternatively, trojans may also direct victims to fake banking websites that look like the real thing but steal credentials instead.

The most prolific form of malware in August was Roughted - large scale malvertising used to deliver various malicious websites and payloads such as scams, adware, exploit kits and ransomware.

It can be used to attack any type of platform and operating system, and utilises ad-blocker, bypassing and fingerprinting in order to make sure it delivers the most relevant attack.

Second place was Globeimposter - ransomware that is distributed by spam campaigns, malvertising and exploit kits. Upon encryption, the ransomware appends the .crypt extension to each encrypted file.

HackerDefender was third. This user-mode rootkit for Windows can be used to hide files, processes and registry keys.

It also implements a backdoor and port redirector that operates through TCP ports opened by existing services, meaning a hidden backdoor can’t be found through traditional means.

In terms of mobile, Triada, Hiddad and Gooligan were the three ‘most wanted’ forms of malware in August.