What is a Banking Trojan?

Banking Trojans are malware designed to collect online banking credentials and other sensitive information from infected machines. This information, once exfiltrated to an attacker, can be used to steal money and commit other forms of fraud, such as identity theft.


How Do Banking Trojans Work?

Banking Trojans, a type of Trojan horse malware, typically gain access to a computer by pretending to be legitimate software. For example, a Trojan may be distributed as a malicious attachment to a phishing email or downloaded as part of a cracked or fake copy of legitimate software.

Once installed on an infected machine, banking Trojans can collect online banking login credentials and other sensitive information in various ways. Some methods include dumping cached credentials from the system and web browsers, monitoring the system keyboard, searching the filesystem for stored passwords, and using a keylogger to collect login details when a user browses to target websites.

The Threat of Banking Trojans

The primary goal of a banking Trojan is to steal login credentials and other sensitive information. This stolen data can be used to take over a user’s account on the online banking service, steal money, and potentially perform identity theft and other forms of fraud. Banking Trojans are a popular form of malware because they provide cybercriminals with a direct means of monetizing their attacks.

Banking Trojans are also dangerous because they act as remote access Trojans (RATs), giving an attacker the ability to remotely control the malware installed on an infected system, which can be used to carry out other attacks. For example, many banking Trojans are commonly used to drop ransomware, enabling cybercriminals to carry out multi-stage attacks once they gain access to an infected computer.

Examples of Banking Trojans

Some of the most dangerous and prolific banking Trojans include the following:

  • IcedID: The IcedID banking Trojan was first discovered in September 2017. The Trojan spreads via spam email and through other malware, such as Emotet campaigns, and uses a variety of techniques to hide its presence on infected systems.
  • Ramnit: Ramnit first emerged in 2010 and is a modular Trojan, allowing it to deploy a wide range of capabilities. Its theft of web session information allows it to steal credentials for more than just online banking sites.
  • Hydra: Hydra is a banking Trojan that targets Android devices and first emerged in 2019. This malware abuses mobile app permissions to gain access to finance credentials.
  • Dridex: Dridex includes both banking Trojan and botnet functionality and is delivered via spam and exploit kits. This malware uses WebInjects to redirect login attempts to an attacker-controlled server for credential theft.

Banking Trojan Detection

A successful banking Trojan infection places an individual’s finances and identity at risk. Some means of detecting these infections include the following:

  • Endpoint Security: Banking Trojans are malware and perform various suspicious and malicious activities on infected machines. An endpoint security solution should be able to identify and remediate a banking Trojan infection on a protected system.
  • Account Monitoring: Banking Trojans are designed to steal login credentials for online banking for the cybercriminal’s use. Monitoring these accounts for anomalous login attempts can help to identify if a user’s account has been compromised by a banking Trojan or other means.
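
The account-monitoring idea above, sketched as an added example (not code from Check Point or any product): it builds a per-account baseline of devices and countries and flags logins that break it on at least two signals. The event fields, the 900 km/h and 100 km thresholds, and the two-signal rule are assumptions, and the log entries are constructed sample data.

```python
from datetime import datetime
from math import radians, sin, cos, asin, sqrt

# Constructed sample events: (account, ISO time, device id, country, lat, lon)
EVENTS = [
    ("alice", "2024-03-01T08:00:00", "dev-a1", "US", 40.71, -74.01),
    ("alice", "2024-03-02T08:05:00", "dev-a1", "US", 40.71, -74.01),
    ("bob",   "2024-03-02T09:00:00", "dev-b1", "DE", 52.52, 13.40),
    ("alice", "2024-03-02T09:00:00", "dev-x9", "RO", 44.43, 26.10),
    ("bob",   "2024-03-03T09:10:00", "dev-b2", "DE", 52.52, 13.40),
]

MAX_KMH = 900  # assumed threshold: faster than a commercial flight


def km_between(lat1, lon1, lat2, lon2):
    """Great-circle distance (haversine) in kilometres."""
    p1, p2 = radians(lat1), radians(lat2)
    a = sin((p2 - p1) / 2) ** 2 + cos(p1) * cos(p2) * sin(radians(lon2 - lon1) / 2) ** 2
    return 2 * 6371 * asin(sqrt(a))


def find_anomalies(events):
    """Return (account, time, reasons) for logins that break the account's history."""
    history = {}  # account -> known devices, known countries, last login position
    alerts = []
    for acct, ts, dev, country, lat, lon in sorted(events, key=lambda e: e[1]):
        when = datetime.fromisoformat(ts)
        h = history.get(acct)
        if h is None:
            # First login seen for this account only seeds the baseline.
            h = history[acct] = {"devices": set(), "countries": set(), "last": None}
        else:
            reasons = []
            if dev not in h["devices"]:
                reasons.append("new_device")
            if country not in h["countries"]:
                reasons.append("new_country")
            prev_when, plat, plon = h["last"]
            hours = (when - prev_when).total_seconds() / 3600
            dist = km_between(plat, plon, lat, lon)
            if dist > 100 and (hours == 0 or dist / hours > MAX_KMH):
                reasons.append("impossible_travel")
            # A new device alone is common (new phone); alert on two or more signals.
            if len(reasons) >= 2:
                alerts.append((acct, ts, reasons))
        h["devices"].add(dev)
        h["countries"].add(country)
        h["last"] = (when, lat, lon)
    return alerts
```

On the sample data, only the login to alice's account from an unseen device in a new country 55 minutes after her usual login is flagged; bob's new device in his usual country is not.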

How to Defend Against Banking Trojans

Companies and individuals can protect against banking Trojans via various means, including the following:

  • Employee Training: Banking Trojans typically use trickery to gain access to employee systems. Training employees regarding the threats of phishing, malicious downloads, and other common malware delivery mechanisms can help to mitigate the banking Trojan threat.
  • Email Security: Banking Trojans are commonly delivered via phishing attacks. Email security software can identify malicious links and attachments in emails before they are delivered to the intended recipient’s inbox.
  • Endpoint Security: Endpoint security solutions can identify and block Trojans from gaining access to a system or can help to remediate an existing infection.
  • Multi-Factor Authentication (MFA): Banking Trojans are designed to steal login credentials for online financial services. Enabling MFA wherever possible makes these credentials more difficult for an attacker to use by requiring them to steal additional pieces of sensitive information to log in.
  • Credit Freezing: Credit freezing prevents additional accounts or loans from being taken out in a person’s name. Freezing credit can help to mitigate the risk of identity theft due to a banking Trojan infection.

Prevent Banking Trojan Infections with Check Point

A banking Trojan infection poses a significant risk to personal security. In addition to compromising the login credentials needed to steal money from online accounts, the malware can also collect sensitive personal information for use in identity theft and other fraud.

Managing the threat of banking Trojans requires diligence by all parties. Financial institutions can protect themselves and their customers by monitoring for suspicious logins that could indicate accounts compromised by a banking Trojan. On the user side, deploying an endpoint security solution such as Check Point’s Harmony Endpoint can prevent infections by banking Trojans and other malware. To learn how Harmony Endpoint can protect your organization and its employees, sign up for a free demo today.
