Defeating Banking Trojans: What Financial Institutions Need to Know

Sep. 14, 2018 | by BioCatch

Banking trojans were up 102% in the second half of 2017, and the threat isn’t slowing down. In recent weeks, two new forms of banking malware have emerged, targeting users in Mexico and Spain.

Dark Tequila, the banking malware hitting Mexico, is suspected to have been infecting computers for the past five years through email and USB devices. Though contained to Mexico for now, the malware could rapidly spread to other regions, continuing the theft of confidential banking information.

In Spain, BackSwap made its second appearance on the banking malware scene, hitting six of the country’s major banks. BackSwap targets personal banking accounts using man-in-the-browser (MitB) techniques to change the destination of funds. Researchers expect BackSwap attacks will increase and move into new countries by the end of the year.

Banking malware variants like these are constantly becoming more elusive and targeted. A new Android trojan, for example, uses banking trojan functionalities to compromise mobile devices and trick users into handing over login information.

Even more concerning, it’s now easier to carry out a malware attack than ever before. Cybercriminals don’t need deep technical knowledge, just the right amount of funding, researchers at Positive Technologies found. Compromising and gaining control of a site costs surprisingly little: only $150. The price goes up for more challenging services. A targeted attack can run up a price tag of $4,500 or more, which is very little compared to what the fraudsters behind the attack might get out of it.

Banking trojans aren’t going away. But with the right cyber defenses, financial institutions can defend against emerging malware threats.

How a BioCatch Customer Thwarted a Banking Trojan

As financial institutions embrace digital transformation, cyber security solutions like behavioral biometrics are allowing them to keep online sessions secure and free of fraud.

One of BioCatch’s banking customers recently stopped a fraud attempt even though a hacker passed traditional authentication and device ID measures. Behavioral biometrics detected three fraudulent payment attempts intended to reach the same international beneficiary and flagged the transactions as high-risk. The bank blocked the payments, saving over £818K.

Being able to detect and stop banking trojans in real time prevents significant fraud losses. Beyond a company’s bottom line, a malware attack severely erodes customer trust. When funds are stolen, customers naturally question the security of all their accounts, and may decide to take their business elsewhere.

Typically, it can take weeks, or years in the case of Dark Tequila, to uncover banking trojans. Behavioral biometrics detect targeted malware, bot activity, and MitB attacks in the moment through continuous authentication. Within a session, malware behaves differently than a legitimate user would. Continuous authentication monitors for anomalous behavior to alert banks of suspected fraud attempts.

Though banking malware is pervasive, monitoring for fraud based on behavior keeps financial institutions ahead of cybercriminals and new malware variants.
