By Aleke Francis AO
Financial Trojans are a type of malicious software that target online banking systems and try to steal confidential information, such as login credentials, account numbers, and credit card details.
They can also manipulate transactions, redirect users to fake websites, or take control of the infected computers. Financial Trojans pose a serious threat to both individuals and organizations, as they can cause financial losses, identity theft, fraud, and reputational damage.
According to Symantec, a security software company, the infections by the most common financial Trojans rose by 337 percent in the first nine months of 2021.
This means that almost half a million computers are infected every month and are vulnerable to fraud. Symantec analyzed eight online banking Trojans and found that they target more than 1,400 financial institutions in 88 countries. The most frequently attacked bank is in the US and is present in 71.5 percent of the Trojans’ configuration files.
Some of the most dangerous financial Trojans are:
Zeus: Also known as Zbot, this Trojan emerged in 2007 and became widely available in 2011. It infects Windows users and tries to download configuration files and updates from the Internet. It can record screen shots or videos, spoof login webpages, or alert the attacker when the victim is in a banking session.
Gameover: This is a variant of Zeus that uses a peer-to-peer communication network instead of a single command and control server. It is distributed through spear-phishing campaigns and can set up proxies on the victim’s computer or use remote access tools to gain direct access to the compromised device.
Cridex: This Trojan is also known as Dridex or Bugat and is spread through spam emails with malicious attachments. It can inject code into browsers, steal certificates, or use web injects to modify banking webpages.
Shylock: This Trojan is named after a character from Shakespeare’s play The Merchant of Venice and targets mainly European banks. It can inject code into browsers, use web injects to modify banking webpages, or use remote access tools to gain direct access to the compromised device.
How to protect your organization from financial Trojans?
Financial Trojans are constantly evolving and becoming more sophisticated, so it is important to take preventive measures to protect your organization from these hidden threats. Some of the best practices are:
Education: Educate your employees about the risks of phishing emails and how to spot them. Phishing emails are one of the main ways that financial Trojans are delivered to unsuspecting users. They often contain urgent or enticing messages that prompt users to click on links or open attachments that contain malicious code. Employees should be trained to verify the sender’s identity, check the URL’s spelling and domain name, and avoid opening suspicious attachments or links.
Strong Password: Use strong passwords and multi-factor authentication for your online banking accounts. Strong passwords are hard to guess and should be changed regularly. Multi-factor authentication adds an extra layer of security by requiring a second factor, such as a code sent to your phone or email, or a biometric feature, such as a fingerprint or face scan, to access your account.
Software Update: Keep your software updated and use antivirus software. Software updates often contain patches that fix security vulnerabilities that could be exploited by financial Trojans. Antivirus software can detect and remove malicious programs from your computer and prevent them from running in the background.
Regular Account Monitoring: Monitor your bank statements and transactions regularly. If you notice any unusual or unauthorized activity on your account, report it immediately to your bank and change your password. You should also check your credit report periodically for any signs of identity theft or fraud.
What to do if you are hit by a Financial Trojan?
If you suspect that you or your organization have been hit by a Financial Trojan, you should take the following steps as soon as possible:
Disconnect: Disconnect your computer from the internet and any other networks to prevent the malware from spreading or communicating with the attackers.
Scan: Scan your computer with a reputable antivirus software and remove any detected threats. You may need to use a bootable antivirus disk or USB drive if your system is too compromised to run normally.
Password Change: Change your passwords for all your online accounts, especially your banking and financial accounts. Use strong and unique passwords for each account and enable multi-factor authentication if possible.
Contact Bank: Contact your bank and other financial institutions and inform them about the incident. They may be able to help you recover any lost funds, freeze your accounts, or issue new cards or credentials.
Monitor Account: Monitor your bank statements and credit reports for any suspicious or unauthorized activity. Report any fraud or identity theft to the relevant authorities and agencies.
Security Review: Review your security practices and policies and implement measures to prevent future attacks. These may include educating yourself and your employees about the risks of phishing emails and malicious attachments, keeping your software updated and patched, using encryption and VPNs for sensitive data, and backing up your data regularly.
Financial Trojans are a serious threat that can compromise your security and finances. By being aware of these hidden dangers and taking preventive steps, you can protect yourself and your organization from becoming a victim of these malicious attacks.
Aleke Francis AO is a Cybersecurity expert, CyberThreat Intelligence Analyst, Researcher and an InfoTech blogger – afraexkonsult@gmail.com, 08062062303