Better Safe Than Sorry! Semalt Expert Warns Of Deadly Financial Malware In 2017

Financial malware is the most frequently used tool in the toolbox of a cybercriminal. It's not hard to understand why this is so bearing in mind that for the majority of these criminals money is the main motivation behind their callous activities. As a result, financial institutions face cybersecurity threats on many levels. Financial malware targets the institution's infrastructure (such as servers and POS terminals), customers, and business partners.

Although for the past two or so years the war against cybercriminals has intensified and several notorious gangs exposed, the financial sector continues to suffer the consequences of rising Trojan activity and the spread of infections.

Max Bell, a leading expert from Semalt, describes here the most dangerous financial malware in 2017 for you to stay safe.

1. Zeus (Zbot) and its variants

Zeus was first detected in 2007 and is one of the most prolific financial malware in the world. Initially, Zeus was used to providing criminals with everything they needed to steal financial information and money from bank accounts.

This trojan and its variants capture credentials through keylogging and injecting additional code into unsuspecting bank sites. Zeus is mainly spread through phishing campaigns and drive-by-downloads. The most recent malware in the Zeus family include Atmos and Floki Bot.

2. Neverquest/Vawtrak/Snifula

Neverquest first appeared in 2013 and had since then undergone multiple updates and overhauls. It was designed to infect victims' information once they visited a certain pre-determined banking, social networking, ecommerce, and game portal sites. This financial malware gained traction via Neutrino exploit kit which enabled criminals to add features and functionalities to targeted sites while evading detection.

In 2014, six criminals were indicted on hacking charges about the use of Neverquest to steal $1.6 million StubHub users.

From the history of this malware, it is mostly delivered via the Netrino exploit kit and also through phishing campaigns.

3. Gozi (also known as Ursnif)

This is one of the oldest banking trojans still alive. It's the best example of a trojan that has outlasted crackdowns from law enforcement.

Gozi was discovered in 2007, and though some of its creators have been arrested and its source code leaked twice, it has weathered the storms and continues to cause a headache to financial institutions security personnel.

Recently, Gozi was updated with advanced features aimed at evading sandboxes and bypassing behavioral biometric defenses. The trojan can mimic the speed at which users type and move their cursors as they submit their data into form fields. Personalized spear phishing emails, as well as malicious links, have been used to distribute Gozi by taking the victim to compromised WordPress sites.

4. Dridex/Bugat/Cridex

The first appearance of Dridex on the screens was in 2014. It is known to ride on spam emails delivered mainly through the Necurs botnet. Internet security experts estimated that by 2015 the number of spam emails doing rounds on the internet every day and harboring Dridex had reached the millions.

Dridex mostly relies on redirection attacks which are designed to send users to fake versions of banking sites. In 2017, this malware seems to have received a boost with the addition of advanced techniques such as AtomBombing. It's a threat that you don't want to ignore as you plan your internet security defenses.

5. Ramnit

This trojan is a foster child of the 2011 Zeus source code leak. Though it existed in 2010, the additional data-stealing capabilities that its creators found in the Zeus code grew it from a mere worm to one of the most notorious financial malware today.

Although Ramnit was greatly roughed up by security apparatus in 2015, it has shown signs of major resurgence in 2016 and 2017. There's evidence that it is back and on an upswing.

The traditional way of spreading Ramnit has been via popular exploit kits. Victims are infected through malvertising and drive-by-downloads.

These are just some of the financial malware at the top, but there are still tens of others that have shown an upward trend in trojan activity. To keep your networks and businesses safe from these and other malware, keep yourself updated on the hottest threats at any given time.