Banking Trojans are one of the biggest threats to your money: read on to learn how to protect it!
Internet users are exposed to a wide range of threats from cyber-criminals who look for unwary victims. Of all the sensitive information a user keeps on a computer or online, banking and financial data is the most attractive to thieves and fraudsters, so attackers invest heavily in ways to get at it for financial gain. Trojans stand out as one of the main methods for obtaining this data, so in this article we will look at what a Trojan is, how it works, which banking Trojans are the most common and how we can protect ourselves.
What is a Trojan?
A Trojan is a type of malware that relies on social engineering to get the user to run it. The program usually claims to be something legitimate in order to gain the user’s trust, but once installed it can do anything from opening a backdoor for remote access to spying on the user. Trojans are often hidden inside cracked or “pirated” application installers, or inside supposedly free versions of paid software.
The name comes from the story of the “Trojan horse”: the Greek soldiers could not get into the fortified city of Troy, so they pretended to retreat and left behind a giant wooden horse as an offering, with soldiers hidden inside. Once the Trojans had brought the horse inside the walls, the soldiers came out and took the city. A Trojan virus works the same way: the malicious code is camouflaged inside an apparently genuine application so that the user installs it themselves, and it then wreaks havoc on the system.
There are many types of Trojans and each one poses a different threat depending on its purpose. Among them we find: Remote Access Trojans (RATs), Denial of Service (DoS) Trojans, Trojans that install ransomware or destroy data, dialers (from the dial-up era), spyware, among others. However, the operator of a banking Trojan has several hurdles to clear before the attack achieves its objective: first, getting the user to install the malware; second, locating the process of the victim’s browser (Google Chrome, Opera, Microsoft Edge, etc.) and injecting code into it; third, hooking the points of attack, that is, the browser functions where pages and form data pass through before they are encrypted; and finally, recognising when the victim is on one of the targeted banking sites.
Now that the basic concepts are clear, let us see how Trojans affect the banking and financial sector. Banking Trojans are a family of malware whose purpose is to steal the data needed to access online bank accounts. The classic way of doing this is to capture and store the keystrokes the user types on the web pages he or she visits (keylogging). The malware carries a configuration that lists the banking entities it targets, and it reports to a server controlled by the attacker (the command-and-control server), which stores the stolen data and can push new target lists or updates to the infected computer. Because the Trojan runs inside the victim’s browser, it sees the login form before the data is encrypted, so the HTTPS padlock offers no protection; more advanced variants also take screenshots and record video of the pages where this sensitive information is entered, and insert extra fields into the bank’s own login page (“web injects”) to ask for details the bank never requests, such as a card PIN.
Once the attackers have the victim’s banking details, they rarely move the money themselves. Instead they use a third party, a “money mule”, who receives the funds from the stolen account and forwards them to an account abroad belonging to the criminals, which makes the money much harder to trace. Usually these mules are ordinary people recruited with the promise of a job or a commission for transferring the money, without knowing that it is stolen.
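To make the mechanism concrete, here is an added example (not code from the article or from any real Trojan): a small Python simulation of the two browser hooks a banking Trojan installs, a web inject that adds a fake “PIN” field to a bank’s login form, and a form grabber that copies whatever the user submits. The bank domain, the page HTML and the target-list format are constructed for the demo. It also includes the crude integrity check a bank’s own page script could run to spot injected fields.

```python
"""Simulation of the browser hooks a banking Trojan installs (added example).

This is not code from the article or from any real malware: the target-list
format is a simplified stand-in for the configurations real banking Trojans
carry, and the bank domain and login page HTML below are constructed.
"""
import re

# Constructed target list: which pages to attack, where in the page to insert
# the injected HTML, and what to insert (here: a fake card-PIN field).
TARGETS = [
    {
        "url_pattern": r"^https://(www\.)?examplebank\.test/login",
        "data_before": '<input type="password" name="password">',
        "data_inject": '<label>Card PIN</label><input type="password" name="pin">',
    },
]

# Constructed login page as the bank actually serves it.
LOGIN_HTML = (
    '<form method="post" action="/login">'
    '<input type="text" name="username">'
    '<input type="password" name="password">'
    '<button type="submit">Sign in</button>'
    '</form>'
)


def matching_target(url):
    """Return the target entry whose pattern matches the visited URL, or None."""
    for target in TARGETS:
        if re.match(target["url_pattern"], url):
            return target
    return None


def inject(url, html):
    """Web inject: add the attacker's field right after data_before.

    This happens inside the browser after TLS has been stripped, so the
    address bar still shows the bank's URL and a valid padlock."""
    target = matching_target(url)
    if target is None or target["data_before"] not in html:
        return html
    return html.replace(target["data_before"],
                        target["data_before"] + target["data_inject"], 1)


def form_grab(url, form_fields):
    """Form grabber: copy the whole POST body of a targeted site.

    Real grabbers hook the browser's send routine before encryption, which is
    why HTTPS does not protect the credentials. Untargeted sites yield nothing."""
    if matching_target(url) is None:
        return {}
    return dict(form_fields)


def injected_fields(original_html, rendered_html):
    """Names of input fields in the rendered page that the bank never served.

    A crude version of the client-side integrity check some banks run; a
    non-empty result on the login page is a strong sign of a web inject."""
    def names(html):
        return re.findall(r'<input[^>]*\bname="([^"]+)"', html)
    expected = set(names(original_html))
    return [n for n in names(rendered_html) if n not in expected]


if __name__ == "__main__":
    url = "https://www.examplebank.test/login"
    page = inject(url, LOGIN_HTML)
    print("injected fields:", injected_fields(LOGIN_HTML, page))
    print("stolen:", form_grab(url, {"username": "alice", "password": "s3cret", "pin": "1234"}))
```

The point to take away is where the hooks sit: both run inside the browser process, after decryption on the way in and before encryption on the way out, so neither the padlock nor the bank’s certificate tells the user anything is wrong.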
Next, we will get to know the most common and dangerous Trojans used for the theft of sensitive banking information, among them are:
- Dorkbot: a worm that mainly affects computers running Windows. Once installed, the machine joins a botnet that the attackers control remotely over the IRC protocol, and the malware steals passwords for social networks, corporate email and electronic wallets such as PayPal. It spreads through removable drives (USB), among other routes.
- Emotet: once it has been introduced to a device, it is able to intercept the web browser’s network traffic, which allows it to capture sensitive data such as online banking credentials and passwords. (Later versions of Emotet evolved into a loader that installs other malware on the infected machine.)
- Kronos: malware sold to cyber-crooks on underground forums and delivered to victims as email attachments or links; it was used to steal the credentials users type in to access their bank accounts.
- Osiris: a newer variant of the Kronos Trojan, a sort of update that adds functions such as keylogging, command and control over the Tor network and remote control via VNC. Its updates also let it evade detection in sandboxes and virtual environments and inject malicious code into the web pages the victim visits (web injects).
- Zeus: the classic banking Trojan. Its usual infection methods are phishing and drive-by downloads. Once it has infected a Windows machine it uses keylogging and form grabbing (capturing the data the user submits in web forms, before it is encrypted) to steal credentials, passwords and other sensitive banking information. Its source code leaked in 2011, and many later banking Trojans are built on it.
How can we prevent these attacks?
There are many ways to prevent infection by this malware, but the most important is the human factor: these attacks rely mainly on social engineering and phishing, so it is necessary to be alert to the signals that cyber-crooks send.
One useful way to avoid installing this type of malware is to refrain from installing ‘cracked’ programs, as these are one of the places hackers most often hide it, so that users download it voluntarily believing it is an ordinary file.
Another way to reduce the risk is to avoid downloading files from sites you do not trust. A first check is the address bar: a URL beginning with “HTTP” instead of “HTTPS” means the connection is not encrypted, and browsers such as Google Chrome mark such pages with a “Not secure” warning next to the address. Bear in mind, though, that the “S” in HTTPS only means the connection is encrypted, not that the site or its downloads are trustworthy: criminals obtain certificates too, so a padlock on a site offering ‘cracked’ software is no guarantee.
Be careful with the emails you receive. At some point you are likely to receive a fraudulent email, sent at random by a hacker with the intention of stealing personal information. The usual approach is to pose as a bank or other organisation and ask you to open the attached file (often the Trojan itself) or to click a link. The way to identify these emails is to pay attention to the details: spelling mistakes, text that makes no sense, a sender address you do not know or that does not match the organisation it claims to be, attachments with executable extensions such as .exe or .scr (sometimes hidden behind a double extension like .pdf.exe), and links whose visible text differs from where they really point. When you notice any of these, do not open the attachment and discard the email; if in doubt, contact the bank through its official channels instead.
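Several of these checks can be automated. The following is an added example (not from the article) in Python that builds a constructed phishing message and runs four of them over it: a sender domain that is not on your list of known senders, a Reply-To pointing somewhere else, an attachment with an executable extension hidden behind a double extension, and a link whose visible text does not match its real destination. All names, addresses, domains and the IP address are made up; spelling mistakes and nonsensical text are left to the human reader, since no simple rule catches them reliably.

```python
"""Heuristic triage of a suspicious email (added example, not from the article).

Everything here is constructed: the bank name, the sender and reply addresses,
the 'statement.pdf.exe' attachment and the IP address in the link are made up.
"""
import re
from email import message_from_bytes, policy
from email.message import EmailMessage
from email.utils import parseaddr
from urllib.parse import urlparse

# Extensions that run code when opened. A double extension such as
# "statement.pdf.exe" still ends in one of these, so endswith() catches it.
DANGEROUS_EXT = (".exe", ".scr", ".js", ".vbs", ".bat", ".cmd", ".pif", ".com",
                 ".jar", ".hta", ".lnk", ".docm", ".xlsm", ".iso")


def _domain(addr):
    """Domain part of an address, lower-cased; empty if there is none."""
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""


def triage(raw, known_senders):
    """Return a list of (code, detail) findings for a raw RFC 5322 message."""
    msg = message_from_bytes(raw, policy=policy.default)
    findings = []

    # 1. Do we know the sender's domain at all?
    _, from_addr = parseaddr(str(msg.get("From", "")))
    from_dom = _domain(from_addr)
    if from_dom not in {s.lower() for s in known_senders}:
        findings.append(("unknown-sender", from_addr))

    # 2. Replies silently routed to a different domain than the sender's.
    _, reply_addr = parseaddr(str(msg.get("Reply-To", "")))
    if reply_addr and _domain(reply_addr) != from_dom:
        findings.append(("reply-to-mismatch", reply_addr))

    # 3. Attachments that execute when opened.
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        if name.endswith(DANGEROUS_EXT):
            findings.append(("dangerous-attachment", name))

    # 4. Links whose visible text names one host but point at another.
    html = msg.get_body(preferencelist=("html",))
    if html is not None:
        anchors = re.findall(r'<a[^>]*href="([^"]+)"[^>]*>(.*?)</a>',
                             html.get_content(), re.I | re.S)
        for href, text in anchors:
            shown = re.search(r"[a-z0-9.-]+\.[a-z]{2,}", text, re.I)
            real = urlparse(href).hostname or ""
            if shown and real and not real.endswith(shown.group(0).lower()):
                findings.append(("link-mismatch", f"{shown.group(0)} -> {real}"))
    return findings


def build_sample():
    """Constructed phishing message used for the demo (not a real email)."""
    msg = EmailMessage()
    msg["From"] = "Example Bank Security <alerts@examp1ebank-secure.test>"
    msg["To"] = "customer@example.test"
    msg["Reply-To"] = "support@mailbox-relay.test"
    msg["Subject"] = "Urgent: verify your account"
    msg.set_content("Your account will be blocked. Open the attached statement.")
    msg.add_alternative(
        '<p>Please review at <a href="http://198.51.100.7/login">'
        'www.examplebank.test/secure</a></p>', subtype="html")
    msg.add_attachment(b"MZ\x90\x00", maintype="application", subtype="octet-stream",
                       filename="statement.pdf.exe")
    return msg.as_bytes()


if __name__ == "__main__":
    for code, detail in triage(build_sample(), ["examplebank.test"]):
        print(f"{code}: {detail}")
```

Any single finding is only a hint, but a message that trips several of them at once, as the constructed sample does, is exactly the kind of email the article says to discard rather than open.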