The resurgence of banking trojans has become a major cybersecurity concern for financial institutions and their customers. These malicious backdoor programs continue to evolve and succeed due to their ability to evade detection and bypass traditional device security. As these attacks become more sophisticated, the need for robust protection mechanisms and agile response systems is greater than ever.
What Are Banking Trojans?
Banking trojans are a type of malware disguised as legitimate software and used by cybercriminals to attack online banking systems. They get their name from the infamous wooden horse used by the Greeks to infiltrate Troy and sack the city during the Trojan War.
These programs are particularly insidious due to their ability to initiate malicious activities undetected, having tricked the user into downloading them and granting the necessary operational permissions. By the time the victim discovers the attack, they’ve already lost huge sums of money.
Banking Trojans on the Rise
Banking trojans have existed since the dawn of online banking, steadily evolving over the years and increasing in functionality. In 2020, the FBI warned about the potential rise of app-based trojan intrusions following a 50% surge in mobile banking amid the COVID-19 pandemic.
It turns out the alert was warranted, as the number and complexity of banking trojan attacks have soared since then. According to Kaspersky’s 2022 Mobile Threats report, nearly 200,000 mobile banking trojan installers were detected, two times more than in 2021.
Despite stronger bank security features and newer system designs, this malware persists, adapting in scope and technical ability. What started as a program primarily targeting bank customers has become a menace across various financial institutions, including FinTech and blockchain companies.
Even more concerning is that these attacks have become an international affair affecting organizations and their customers across continents. A recent example is Grandoreiro, a devious banking trojan operated as malware-as-a-service that impersonates government entities in Africa, Europe, South America and the Indo-Pacific region. This malware has targeted 1,500 banking applications in over 60 countries through sophisticated email phishing attacks.
How Do They Work?
Banking trojans are designed for different functions, including:
- Overlay attacks: The malware overlays a fake log-in page onto legitimate applications. When users enter their credentials, the trojan captures and sends them to the hacker. One example is the SharkBot banking malware, which primarily targets Android users.
- Device control: Some trojans can remotely control devices, including the lock and unlock features, camera, text messaging, and even screen content capture. The malware uses these to bypass security before perpetrating theft.
- Keylogging: These banking trojans record a user’s keystrokes as they log in to their bank accounts, giving hackers access to those accounts.
- Data exfiltration: This malware can exfiltrate SMS messages, intercepting sensitive information necessary for financial transactions, such as 2FA and OTP codes.
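A defender-side illustration of the behaviours listed above, added here and not part of the original article: a static triage of a decoded `AndroidManifest.xml` that flags apps declaring the permissions those behaviours depend on. The behaviour-to-permission mapping, the scoring thresholds and the sample manifest are assumptions constructed for this example.

```python
import xml.etree.ElementTree as ET

A = "{http://schemas.android.com/apk/res/android}"  # android: attribute namespace
# Heuristic mapping (an assumption of this example): permissions an Android app
# must declare before it can perform the behaviours listed above.
REQUESTED = {
    "android.permission.SYSTEM_ALERT_WINDOW": "overlay",
    "android.permission.READ_SMS": "sms_interception",
    "android.permission.RECEIVE_SMS": "sms_interception",
}
# Components the system binds to, keyed by (tag, android:permission).
BOUND = {
    ("service", "android.permission.BIND_ACCESSIBILITY_SERVICE"): "input_capture_and_control",
    ("receiver", "android.permission.BIND_DEVICE_ADMIN"): "device_lock_control",
}

def capabilities(manifest_xml):
    """Return the set of risky capabilities a decoded manifest declares."""
    root = ET.fromstring(manifest_xml)
    found = {REQUESTED.get(n.get(A + "name")) for n in root.iter("uses-permission")}
    for (tag, perm), cap in BOUND.items():
        if any(n.get(A + "permission") == perm for n in root.iter(tag)):
            found.add(cap)
    found.discard(None)  # permissions that are not in the mapping
    return found

def triage(manifest_xml):
    """Score the combination: any one capability alone is common in benign apps."""
    caps = capabilities(manifest_xml)
    credential_capture = caps & {"overlay", "input_capture_and_control"}
    if credential_capture and "sms_interception" in caps:
        level = "high"    # fake login or input capture, plus access to OTP messages
    elif len(caps) >= 2:
        level = "review"
    else:
        level = "low"
    return level, sorted(caps)

# Constructed sample: a "flashlight" app that declares far more than it needs.
SAMPLE = """<manifest xmlns:android="http://schemas.android.com/apk/res/android">
  <uses-permission android:name="android.permission.SYSTEM_ALERT_WINDOW"/>
  <uses-permission android:name="android.permission.RECEIVE_SMS"/>
  <application>
    <service android:name=".Helper" android:permission="android.permission.BIND_ACCESSIBILITY_SERVICE"/>
  </application>
</manifest>"""

if __name__ == "__main__":
    print(triage(SAMPLE))
```

The input is the plain-text manifest produced by decoding an APK, not the binary XML stored inside it.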
How Can Users Protect Against Banking Trojans?
Addressing malware’s increasing pervasiveness requires a comprehensive framework involving a mix of top-notch security measures and the most recent cybersecurity best practices.
- Install Anti-Virus and Malware Detection Software
Just as locking doors and windows prevents physical infiltrations, installing the latest antimalware and antivirus programs protects banking information from malicious threats. Financial institutions can employ advanced analysis tools with hybrid functionality to scan for threats and open detected trojans in a sandbox for safe assessments.
- Avoid Using Public WiFi for Banking Transactions
Wireless networks freely provided in public spaces like hotels and coffee shops may present an entry point for malware intrusion. Hackers piggybacking on the connection can execute man-in-the-middle attacks to intercept online financial transactions.
Unfortunately, up to 20% of Americans continue to use public WiFi for their banking-related activities, exposing themselves to higher risks of attacks. A workaround is to use a VPN when connecting to these networks, as these systems encrypt data and protect sensitive information.
- Employ Strong, Unique Passwords
Passwords are like the final piece of the cyberthreat puzzle. Once breached, hackers can initiate various forms of malware attacks on a user’s online account. Best practices recommend changing passwords every three months, ensuring they are complex enough to limit the efforts of threat actors. The rule of thumb is to create passwords containing over 16 characters with a combination of letters and numbers.
- Use Multifactor Authentication (MFA)
MFA provides an extra security layer against malware threats by requiring additional forms of verification. This can prevent unauthorized access even if login credentials are compromised. However, this measure may soon become ineffective, as more sophisticated threats like the Chameleon banking trojan can disrupt biometric authentication operations, highlighting the need for a multifaceted approach to cybersecurity.
- Download Only Trusted Apps
Kaspersky’s 2023 Financial Threats Report shows mobile banking malware has increased by 32% compared to 2022. This underscores the need for users to install apps from trusted sources only: the Apple App Store, Google Play or Amazon Appstore. Many apps from these stores are not 100% failsafe, but they at least undergo some form of security screening before being listed.
- Be Cautious with Email Links
Avoid clicking links or downloading attachments from unknown emails to prevent phishing attacks. For example, the Emotet trojan typically spreads through malicious email attachments disguised as invoices or shipping notifications.
Don’t Fall Like the Trojans
Banking trojan intrusions have become more frequent and complex in recent years. The best way to protect against this evolving threat is to maintain a robust security posture against all potential attack surfaces. This means employing a mix of cybersecurity measures and best practices. Financial institutions must step up their efforts to safeguard their systems by utilizing the latest advanced threat monitoring and analysis tools.
About the Author
Zac Amos is the Features Editor at ReHack, where he covers cybersecurity and the tech industry. For more of his content, follow him on Twitter or LinkedIn.