If there is something that moves cybercriminals, it is money. They are always fine-tuning their attacks to have a greater impact and, therefore, achieve a more notable and instant economic benefit. Banking Trojans stand out here, allowing attackers to seize funds from a target's bank account. They simply work, which is why they keep reappearing in attack campaigns.
Typically, cybercriminals target company bank accounts, since they contain larger amounts of money than user checking accounts. By distributing this type of malware, attackers try to break into accounts for payroll, inventory, or corporate funds with the firm purpose of stealing money. But no one is exempt from these cybersecurity risks: the attackers are not going to stop looking for new ways to make more money, and they are willing to invest part of it in the development, maintenance, configuration and distribution of malicious programs.
These are some of the most popular banking Trojans in recent years:
ZEUS: has evolved and is more complete and dangerous
It started out as a Trojan to steal bank details around 2005, and new variants are still appearing today. Zeus has evolved into a malware package that includes keyloggers, ransomware, and an advanced peer-to-peer (P2P) communication network. The secret to its surviving more than 15 years is its sophistication as a malware application.
DANABOT: they prioritize quality over quantity and are silent
One of the main warnings about cybersecurity is to avoid downloading free programs, because they can hide different variants of malware such as DanaBot, capable of silently stealing bank credentials. Be especially careful with antiviruses, VPNs, document or image editors, and games that are available online for free.
URSNIF: steals data on websites of banking entities
This is a common banking Trojan that can steal data stored on banking websites, including passwords, through web injections, proxies, and VNC connections.
DRIDEX: they use decoys to infiltrate
This malware has been seen in large-scale campaigns, but also in smaller attacks. In their messages, the attackers include different types of lures, attachments and intermediate loaders with which Dridex is subsequently installed.
ZLOADER: ZEUS variant, took advantage of Covid-19
It is a variant of the famous Zeus malware that has made a significant impact on the threat landscape and is used to steal private information from users of targeted financial entities. ZLoader can also take over passwords and cookies stored in victims' browsers, connecting to their systems to conduct illicit financial transactions from legitimate devices. Cybercriminals used the commotion caused by Covid-19 to distribute ZLoader massively, sending both companies and users decoys about prevention tips, diagnostic tests or expenses related to the pandemic.
Antivirus and updated operating systems
In parallel, users need updated antivirus and operating systems that identify the latest Trojan variants, as well as security solutions to inspect email attachments and links, because email remains the most common vector of transmission for malware in general and banking Trojans in particular. Therein lies the key to tackling these problems: awareness.