According to the reports, for the first time since the second quarter of the year 2016, banking Trojan horses have replaced ransomware in the list of top malware in email. They valued for approximately 59 percent of all the malicious email payloads in the first quarter of 2018. The banking Trojan horse which was most widely distributed was Emotet. It accounted for 57 percent of all bankers along with one-third of all the malicious payloads.
The Chief Technical Officer at Entersekt, Gerhard Oosthuizen, said that Trojans are capable since they utilize vulnerabilities on various levels. Cybercriminals often entice naive people to click on links in mails that appear to be authentic, which direct the users to either a spoof website or to download an app laced with malware. These scams can seem very real, and the emails used to bait users often copy the official communications of the bank in pattern as well as tone. It makes it really difficult for people to know when an email or the website they are opening or clicking on, or the application they are downloading, is genuine.
What is Banking Trojan?
Banking Trojan deceives the victim into installing what seems to be a safe file, which then sneakingly works to clear up the user’s bank account.
Trojans also make use of inadequate protection in banking applications and net banking platforms. It is all about the most readily achievable objectives – it is highly unlikely that scammers would attack systems which have high-level security measures in position when so many other platforms are easy to target. Depending on one-time passwords or OTPS and only knowledge-based authentication features do not give adequate security against threats and malware, and it is high time that banks understand this.
How can banks combat it?
Combating banking Trojans does need people to be alert and make sure that they are just utilizing the official digital platforms of their banks. However more than just that, the increasing threat of banking Trojans reveal how vital it is for banks to achieve the mightiest possible security standards to safeguards their customers.
Tech-savvy banks have an added opportunity here, they can implement out-of-band two-factor authentication which is virtual without friction, and it offers strong security while stimulating faith and confidence in their clients. The banks can do so by leveraging the strength of the mobile devices.
How do you get infected with a banking Trojan?
While the list is barely exhaustive, the attack methods listed below are the most commonly used ones.
1- Social engineering
If you make a mistake, then even antivirus software and other security solutions will not be able to save you. Hackers employ social engineering tricks like creating fake profiles on social media, catfish, vishing, etc. and they then convince unsuspecting people into downloading a malicious file or clicking on a link which leads to a phishing website.
2- Phishing and spam emails
Phishing is one of the oldest tricks in the book. It is used to spread all sorts of malware. In a phishing attack, the hackers pretend to be a trusted source and send a spoof mail to the victim. The email looks like it has come from a bank or the company where the victim works. The email is laced with a banking Trojan, and it infects the system when the user downloads it.
Advertising networks bear the blame for promoting advertisements to several users, many of the users click on such ads. Attackers take advantage of it, and they compromise the advertisements. In addition to this, they can also create malicious ads which lead the victim to a spoof website or malware download.