Get to know banking trojans and their dangers.

Banking Trojans are the biggest threat to your digital money. Read on to find out what you can do to keep your money safe from cyberthieves!

Among all the sensitive information that a user may keep on their computer and online, we can agree that banking and financial data are the most susceptible to theft or fraud. Hackers are increasingly aware of how to access this type of information in order to make a financial profit from their actions, and banking trojans stand out as a method for obtaining this sensitive data. So we will see what Trojan viruses are, how they work, which Trojans are the most common and how we can protect ourselves.


What is a Trojan?

A Trojan is a type of malware that uses social engineering to persuade users to run it. Often the program claims to be legitimate in order to gain the user’s trust, but once installed on the computer it begins to cause many kinds of havoc, ranging from “backdooring” the machine to spying on the user. These programs are frequently hidden in cracked or “pirated” application installers or in free versions of paid software.

The name Trojan refers to the story of the “Trojan horse”: Greek soldiers were unable to enter the fortified city, so they faked their surrender and built a giant wooden horse as a “peace offering” with soldiers hidden inside. Once the horse was let in, the soldiers took the city. The Trojan virus is an analogy for this story: the virus hides in seemingly authentic applications so that it gets installed and can then wreak havoc on the user’s system.

There are many types of Trojans and each one presents a different threat depending on its target. Among the types of Trojans that exist we find: Remote Access Trojans (RAT), Denial of Service Trojans (DoS), Ransomware or malicious data-destruction Trojans, Dialers (dial-up), Spyware, among others. However, there are several obstacles that Trojan operators must overcome in order to carry out their attacks and achieve their objective. The first is locating the process memory of the target’s browser (Google Chrome, Opera, Microsoft Edge, etc.); the second is injecting a useful or appropriate payload; the third is detecting the points of attack; and the last is getting the user to install the malware in the first place.

Dangers of banking trojans

Now that the basic concepts of Trojans are clear, it is worth understanding how they affect the banking and financial sector. Banking Trojans are a family of malware whose goal is the theft of data from online bank accounts. They do this by capturing and storing the keystrokes the user types on the web pages they visit.

The malware stores the captured information and builds lists of banks, which are then turned into malicious servers. The attacker uses these to his advantage: he creates a way for the user to install that malicious server on their computer, and through it gains access to the information.

The most up-to-date malware may have the ability to take screenshots of the victim’s screen and record video of the pages where the victim enters sensitive information. After hackers obtain a user’s banking information, they use a third party to move the funds out of the stolen bank account. The criminals then transfer the money to another, foreign account belonging to them, which leaves no record. Typically, these third parties are ordinary users who are tricked with the promise of a job or a commission into transferring the stolen money to the offender’s account, without knowing what they are part of.

Most common and dangerous banking trojans

Next, we will get to know the most common and dangerous Trojans used for the theft of sensitive banking information, among them are:

  • Dorkbot: This is a “worm” type of malware that mainly affects computers running Windows. After being installed, the infected machine is added to a botnet that is controlled remotely via the IRC protocol. In this way, social network passwords, corporate email passwords and electronic wallet passwords such as PayPal credentials are obtained. It can also propagate via removable drives (USB).
  • Emotet: This is malware that, once introduced to a device, has the ability to record and save the network traffic generated by the user’s web browser, thus allowing the interception and theft of sensitive data, in this case bank account details and passwords.
  • Kronos: This banking Trojan was sold to cyber-crooks and delivered in the form of attachments or links; with it the operators obtained users’ credentials to access their bank accounts.
  • Osiris: This is a newer variant of the Kronos Trojan, a sort of update that includes other functions such as keystroke logging, command and control over the Tor network and VNC remote control, among others. Its updates made it possible to evade detection on websites and in virtual environments, and also allow malicious code to be injected into web pages.
  • Zeus: This is a classic Trojan, meaning that its methods of infection are usually phishing or voluntary downloads. After it infects Windows, it uses various techniques such as “keylogging” or “cryptolocking” to steal credentials, passwords and other sensitive banking information.

How can we prevent these attacks?

There are many ways to prevent infection by these malware families, but the most important is the human factor, as they work mainly through social engineering or phishing. So it is necessary to be alert to the signals that cyber-crooks send.

A useful way to avoid installing this type of malware is to refrain from installing ‘hacked’ programs, as these are often where hackers hide the malware so that users voluntarily download it in the belief that it is an ordinary file.

Another way to prevent infection by these Trojans is to avoid downloading files from pages that are not secure, i.e. that do not use an encrypted connection. This is noticeable when the letters “HTTP” appear at the beginning of the URL instead of “HTTPS”, as the “S” means that the connection to the site is secure. Another way to identify whether the website you are visiting is secure is through the browser itself: when Google Chrome detects an unsecured web page, it shows a notification with a red lock icon, indicating that the web page you want to access is not secure.

Be careful with the emails you receive. It is likely that at some point you will receive a fraudulent email sent at random by a hacker with the intention of stealing personal information. They do this by posing as an organization and asking you to install the attached file, which is usually Trojan malware.

The way to identify these emails is to pay attention to the details: notice spelling mistakes and meaningless text, and check whether you recognize the sender’s email address. When you notice these details, it is best to discard the email.
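The three signals the prevention section describes (an unknown sender address, an attachment you are asked to install, and links that use HTTP instead of HTTPS) can be checked mechanically. The following Python script is an added example, not code from the original article; the allow-list of known sender domains, the list of risky attachment types and the sample email are all constructed assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Hypothetical allow-list of sender domains the reader actually knows (assumption).
KNOWN_SENDER_DOMAINS = {"mybank.example"}
# Attachment types commonly used to deliver a trojan dropper (assumption, not exhaustive).
RISKY_EXTENSIONS = (".exe", ".scr", ".js", ".vbs", ".docm", ".xlsm")
URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.IGNORECASE)

def phishing_signals(raw_message: str) -> list[str]:
    """Return the warning signs the article lists that appear in one raw e-mail."""
    msg = message_from_string(raw_message)
    signals = []
    # Check the real sender address, not the display name shown next to it.
    _, addr = parseaddr(msg.get("From", ""))
    domain = addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""
    if domain not in KNOWN_SENDER_DOMAINS:
        signals.append(f"unknown sender domain: {domain or '(none)'}")
    body = ""
    for part in msg.walk():
        filename = part.get_filename()  # an attachment we are asked to "install"
        if filename and filename.lower().endswith(RISKY_EXTENSIONS):
            signals.append(f"risky attachment: {filename}")
        elif part.get_content_type() == "text/plain":
            body += part.get_payload(decode=True).decode(errors="replace")
    for url in URL_RE.findall(body):  # plain HTTP instead of HTTPS
        if urlparse(url).scheme.lower() != "https":
            signals.append(f"unencrypted link: {url}")
    return signals

# Constructed sample: look-alike sender domain, HTTP link and an .exe attachment.
SAMPLE_EMAIL = """\
From: "My Bank" <alerts@mybank-secure-login.example>
Subject: Urgent: verify your acount
Content-Type: multipart/mixed; boundary="XX"

--XX
Content-Type: text/plain

Please instal the attached statement or confirm at http://mybank-secure-login.example/verify
--XX
Content-Type: application/octet-stream
Content-Disposition: attachment; filename="statement.exe"

aGVsbG8=
--XX--
"""
```

Calling `phishing_signals(SAMPLE_EMAIL)` returns three warnings for the sample, while a plain-text message from a known domain with only HTTPS links returns an empty list; spelling mistakes such as “acount” are left for the reader to spot, as the article advises.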

