The Most Dangerous Financial Malware Threats

October 22, 2015, Written By Bill Hardekopf

A new report has analyzed and identified the most dangerous malware threats, all of which are capable of emptying bank accounts.

Cyphort, an Advanced Persistent Threat (APT) defense company, released its special report “2015 Financial Malware” last week.

The most dangerous financial malware threats have resulted in the loss of hundreds of millions of dollars and have affected tens of millions of users. They include:

  1. Zeus: Since debuting in 2007, this malware has infected tens of millions of computers worldwide. Financial service professionals consider it to be the most severe threat to online banking.
  2. SpyEye: This Trojan horse has infected 1.4 million computers worldwide. Banking information is stolen using a keylogger application, and the bot can take screenshots of a victim’s machine.
  3. Torpig: This botnet is spread using a Trojan horse called Mebroot. Torpig steals targeted login credentials to access bank accounts. It is difficult to detect because it hides its files and encrypts its logs.
  4. Vawtrak: This is a relatively new Trojan that can spread itself via social media, email and file transfer protocols. Its unique feature is that it can hide evidence of theft by changing the account balance shown to the victim.
  5. Bebloh: This malware targets login credentials to intercept online transactions and breach financial systems.
  6. Shylock: This Trojan attacks European banks via Man-in-the-Browser exploits. Worldwide, it has infected 60,000 computers running Microsoft Windows.
  7. Dridex: Malicious code is delivered via email attachments, namely Microsoft Word documents containing macros that download a second-stage payload, which in turn downloads and executes the Trojan.
  8. Dyre: Relies on malicious PDF attachments that exploit unpatched versions of Adobe Reader. The email subject line is typically misspelled, reading “Unpaid invoic”, or the message carries an attachment named “Invoice621785.pdf.” Once the document is opened, Dyre can obtain bank account credentials.

Financial malware has been around for over a decade, and has become more sophisticated over the years. According to the Verizon 2015 Data Breach Investigations Report, new versions of malware have fast command-and-control channels that are designed to steal account information. According to Verizon’s investigation, five malware events occur every second, and financial institutions experience 350 malware events each week.

“Dealing with damage from evasive financial malware is one of the biggest challenges facing banks and financial services firms today,” Dr. Fengmin Gong, Cyphort’s co-founder and chief strategy officer, said in a statement. “Traditional anti-virus and anti-malware applications miss sophisticated APT attacks.”

To keep financial institutions safe, Cyphort recommends that companies:

  • Keep systems and applications patched.
  • Educate employees to be careful when visiting websites with popups. If a person does need to go to such a site, do so from a non-Windows platform.
  • Adopt a new defense paradigm that continually monitors, diagnoses and mitigates attacks.

The information contained within this article was accurate as of October 22, 2015. For up-to-date information on any of the terms, cards or offers mentioned above, visit the issuer's website.