Money stealing malware: Banking trojans
There is, unfortunately, malware out there that targets your bank account without you realizing it until money is missing. This type of malware is called a banking trojan, and the most advanced ones may avoid antivirus detection. This post is a short summary of their capabilities, and no prior computer science education is needed.
These sneaky trojans work by spying on what you type on your keyboard as well as what’s shown on the screen, but they may also feed you fake information intended to make you give away your banking login credentials without you knowing it. This is done by hijacking your browser. Let’s take a look at how this can be done:
The trojan will “activate” as soon as it detects that you’re going to any large bank site or other popular financial service. It then hides the real login page and instead puts up a fake login form that looks identical to the real deal. The fake form will of course take the information you put in there and send it over to the criminal in charge of it.
This can even be done on login pages that require a second authentication method other than passwords, such as keycards or generated one-time codes. The attacker is simply waiting for you to enter your credentials directly to their own computer, like this:
Step 1: a fake login form that looks identical to what you’d expect on your bank or other financial site is shown, where you enter your password and username.
The attacker is watching this at his computer, and once you press log in/next, the information you entered is sent to the attacker, who immediately pastes it into the genuine login screen at his computer.
Step 2: a fake loading screen is displayed while the attacker uses the login credentials he just got.
Step 3: while the login screen keeps loading for you, the final login step, with a keycode or similar, is displayed for the attacker on his computer, who then simply copies the information and sends it over to your fake login form.
You then fill in the code, press log on, upon which a new loading screen will show while the information you just put in is again sent to the attacker, who can now log in to your account. When he’s successfully logged in, a new fake page will load for you, saying that the service is temporarily unavailable.
The above is just one example of stealing a login that uses a second authentication method; the details may vary depending on which banking trojan and which login method is used.
Banking trojans usually spread through infected Word documents in emails, hacked social media accounts, or through exploit kits.
Warning signs that you may be infected with a banking trojan attempting to steal your credentials are unusually long loading periods when you log in and a sudden message at the end that the service is currently unavailable. This is why many financial and other sites handling sensitive/private information tell you on their front page that services are currently up and running as they should be. If you get an error despite this message, you may have been the victim of a banking trojan and should immediately contact your bank or whichever other service you just attempted to log in to.