Increasing cases of a new type of malware targeting banking credentials

February 25, 2022 - 1:34 PM
Photo from cybersecurity firm Kaspersky

A cybersecurity firm detected growing threats in bank-related scams that use a new type of malware in 2021.

Based on data from Kaspersky, a staggering 2.367 million attacks were recorded in 2021 using a malware called banking Trojans.

The firm defined banking Trojans as “programs designed to steal users’ banking credentials to later exploit them and drain targets’ bank accounts.”

Kaspersky noted that the attacks are 600,000 fewer than the ones it detected in 2020.

Newer versions of this malware, however, have increased with more than 95,000 in the past year.

It also has improved capabilities.

Fake call banking Trojan – capable of dropping a user’s call to bank and replacing it with audio recordings from an operator.

“This way, users are tricked into thinking that they are talking to a real bank employee or the standard robot answering machine, and they unwittingly share sensitive information with the attackers,” Kaspersky said.

The Sova banking Trojan – capable of stealing a user’s cookies or small pieces of data.

This allows the attacker to gain access “to personal accounts in mobile banking apps, without necessarily knowing login and password information.”

Game thief Trojan – goes after mobile gaming credentials to be sold “on the darknet or used to steal in-game goods from users.”

“The first mobile Trojan of the Gamethief type stole credentials from the mobile version of PlayerUnknown’s Battlegrounds (PUBG),” Kaspersky said.

Tatyana Shishkova, security researcher at Kaspersky, stressed the need to be more cautious in making transactions online and other similar activities.

“Staying cautious and careful on the internet and avoiding downloading unknown apps is good practice, but I also strongly recommend using a reliable solution. When it comes to the security of finances, in particular, it is better to be safe than sorry,” Shishkova said.

Because of these threats, the firm offered these tips to help keep your banking information safe online.

  • Download apps from legitimate stores only such as Apple App Store, Google Play, or Amazon Appstore.
  • Check the permissions of apps that you use and think carefully before permitting an app, especially when it comes to high-risk permissions such as Accessibility Services.
  • A reliable security solution can help you to detect malicious apps and adware before they start behaving badly on your device.
  • iPhone users have some privacy controls provided by Apple, and users can block app access to photos, contacts, and GPS features if they think these permissions are unnecessary.
  • A good piece of advice is to update your operating system and important apps as updates become available. Many safety issues can be solved by installing updated versions of software.