The story of ‘The Trojan Horse’ is quite popular, and so is the name ‘Trojan Virus’. It works in much the same way as the Greek siege of the city of Troy. The virus comes in the garb of useful software which you download (this is why antivirus software is so important!). Once on your system, the virus is triggered, and it executes its nefarious operations. This is bad enough, but banking Trojans are a lot more dangerous than regular Trojan viruses because they go after your money. Modern banking Trojans are even more sophisticated and steal a lot more information, so you need to keep yourself informed and watch out.

How Do You Get Infected?

There are different ways malware authors infect your system, and banking Trojans use the same gateways.

1. Phishing Attacks

This is the oldest trick in the book, and it is as popular as it was when people first started using it. You get an email that appears to come from a trusted source, usually your bank or credit card operator, asking you to visit a link or download an attachment. Doing either of these downloads the Trojan to your system, and you won’t know about it.

2. Exploit Kits

An exploit kit is usually used by ransomware authors to infect users. Banking Trojans are no different. Your system has a lot of software, and some of it might have vulnerabilities you are unaware of. Exploit kits, when downloaded through phishing or similar attacks, scan the system for vulnerabilities. On finding one, they exploit it and use it to infect you with the malware. Banking Trojans make their way into your system in a similar fashion.

3. Malicious Advertisements

Ads that keep popping up on your screen while you browse aren’t just annoying. Oftentimes, they are malicious in nature as well. Malware operators bank on users clicking on their malicious ads. Clicking one redirects the user to a webpage infected with malware. There are always people who get tricked into clicking on ads, and banking Trojan creators leverage this fact to infect you.

What Happens After The Infection?

When you are infected with the banking Trojan, the malware stays silent and does little other than evade detection and remain hidden. It waits for you to visit your banking website. Once you go to that website, the malware springs into action. Using a variety of techniques, it will steal your bank account details like account number, username, password, PIN, etc. Once this information is recorded, it is sent to the malware operator. This person can now use your credentials to virtually empty your bank account.

The techniques used by banking Trojans to steal your information are:

1. Misdirection

You enter the address of your banking website and are shown the home page. You then log into your account and perform your operations. Everything looks alright, but in reality, it’s all a staged act. The website you see is not the real website. It is a fake website to trick you into believing you are on the original site. Banking Trojans often use this technique to trick users into giving them their credentials.

While you are entering your details on this fake website, the malware operator might be entering them on the real website, or the Trojan itself can do that simultaneously. This also enables it to steal the one time password the real banking website requests, which again works in favor of the Trojan operator since it strengthens your belief that you are accessing the real website. So, the Trojan has all your information, and pretty soon, it also will have all your money.

2. Keylogging

A keylogger records all the keystrokes you make, enabling the Trojan to steal all your personal information. Whenever you enter your bank account details, the keylogger sends the information to the malware server. Once the information is stolen, the money follows.

3. Screen Recording or Capturing

Keylogging is not an unknown practice. The general populace is getting smart and looking for ways to enter their details without using keyboards. Many antivirus products also offer virtual keyboards to assist users in keeping their information secure. However, malware operators are always trying to beat the newest defence mechanisms. While techniques like virtual keyboards render keylogging useless, recording the user’s screen makes it simple to steal this information. There are banking Trojans that employ this technique.

What Else Do Banking Trojans Do?

Banking Trojans usually just go for your money. However, with your system at their mercy, malicious users can steal any sensitive information they want. With keyloggers, they can steal all your passwords. Your social media profiles and email accounts are also as vulnerable as your bank accounts. This can create havoc in your personal life. They can also track your online movements and steal all your browsing activity. All your personal information is in jeopardy, and your online privacy is as good as gone. Those Trojans that have screen capturing and recording capabilities can also watch everything you do. This gives them access to not just your data but the information of others as well through social media, etc.

Most Common Banking Trojans

1. Zeus

The King of Banking Trojans, ‘Zeus’ is the most widely used Trojan. Its operation dates back to 2007, and it has managed to steal over $100 million from users in just a few years. It uses phishing attacks to infect users and then uses keyloggers to steal their account credentials. With the source code going public in 2011, many variants have come up that improve its capabilities, much to the peril of users.

2. Neverquest

This first came into use in 2013 and was targeted to steal user bank details through a fixed pre-designed list of banking websites. It used the Neutrino exploit kit to infect users. It uses keylogging, and the number of banking websites it can steal from using webinjects has increased manifold. More than $1.6 million was stolen using Neverquest from StubHub alone.

3. Dridex

This banking Trojan has caused problems for users all over the world. Dridex uses a phishing campaign to infect users, and then uses redirection to trick users into revealing their account details. Dridex is responsible for the theft of more than $40 million. Although this Trojan, which first appeared in 2014, was seemingly stamped out in 2015 following the seizing of its servers and arrest of its supposed operator, a newer version appeared in January 2016.

Removing Banking Trojans

This is something that depends on the type of Trojan you are infected with. Removing banking trojans requires you to:

  1. Back up your files
  2. Enter into Safe Mode with Networking (keep pressing F8 as soon as the system restarts)
  3. Delete all temporary files
  4. Use a malware removal kit

Protecting against Banking Trojans

Banking Trojans are a menace, and identifying that you are infected isn’t always possible. The best way to ensure your money and information remain safe is to prevent this from happening altogether. You can use a few methods to do so.

1. Don’t Click On Links In Emails

Almost every security article preaches this. It is something very simple to do, but people still fail to do so. Even if the email seems to come from a valid source, confirm before you take action. But you should understand that your bank will never ask you to enter your credentials through a link randomly, or ask you to download a file.

2. Use Updated Software

Software updates always improve security. Updates invariably contain security patches that deal with any vulnerability that was found in the software. Many malware operators take advantage of unpatched software, which is how exploit kits work. Also, you should use antivirus software that offers malware protection, updates itself regularly, and offers other services like ransomware protection and safe browsers.

3. Try And Use Safe Browsers While Banking

Most antivirus software comes with a safe browser that helps block access to malicious or suspicious URLs and helps you handle your personal information better. Whenever these browsers detect unusual activity, they prevent access to the URL and give you a warning.

4. Traffic Filtering Services

Traffic filtering services actively monitor the incoming and outgoing traffic and look for unusual activity. This helps them detect malware before it even enters your system. While antivirus software is a must, it usually only helps you with malware once it is in your system. Blocking it out right at the beginning is obviously better.

Keep Yourself Safe

Banking Trojans continue to steal people’s money and personal data. As long as there is the internet, there will be malicious software out there ready to invade your privacy and take what’s yours. Protect yourself now and feel safer with your data, especially when dealing with banking online.

Alex Patel
Alex has paved a successful path as a software developer, with eight years of experience in the field. He is a master in his field, specializing in developing software components and improving malware detection. Alex has acquired vast knowledge in the area of cyber security, and is always looking for ways to share his knowledge.