January 30, 2017 By Mark Samuels 2 min read

Researchers have found another threat that users have to worry about. Security firm Cyren recently discovered a wave of fake emails sent to finance customers containing banking malware that uses keylogging techniques to collect sensitive information.

Banking Malware Spread Through Phishing

The malware takes the form of a keylogger, which is sent as an attachment in a fake email. The email subject normally includes a false payment update or notification of an online wire transfer.

According to Cyren, the fake emails derive mainly from bots based in the U.S. and Singapore. The attackers design the emails to look as if they are associated with major financial institutions.

Victims are encouraged to open the email attachment for information about their payments. Although the file resembles a PDF, it is actually an executable that launches the banking malware.

What’s the Impact?

Cyren researchers reported that the activated program creates a file in the startup folder in Microsoft Windows. The script runs and executes the malware each time a user restarts or logs in on an infected PC.

The malware searches compromised machines for sensitive data, including passwords, usernames and cookies associated with web browsing. It also seeks out cryptocurrency wallets, according to Banking Technology. Potential currencies at risk include bitcoin, bytecoin, devcoin and quarkcoin.

Cyren noted that the malware creates hooks for both the keyboard and mouse, meaning it records everything a user types and each movement of the mouse.

What Should Users Do Now?

Softpedia advised users to be especially wary of emails containing payment information they are not expecting to receive. This particular attack follows similar threats to other platforms and services. Last week, in fact, researchers reported that leaked source code could lead to even more banking Trojan attacks.

According to a Kaspersky Lab study, the number of users affected by financial malware rose by more than 22 percent in the fourth quarter of 2016, ITWeb reported. Users and IT managers must be aware that banking malware represents an ever-growing threat and utilize security best practices accordingly.

More from

FYSA – Adobe Cold Fusion Path Traversal Vulnerability

2 min read - Summary Adobe has released a security bulletin (APSB24-107) addressing an arbitrary file system read vulnerability in ColdFusion, a web application server. The vulnerability, identified as CVE-2024-53961, can be exploited to read arbitrary files on the system, potentially leading to unauthorized access and data exposure. Threat Topography Threat Type: Arbitrary File System Read Industries Impacted: Technology, Software, and Web Development Geolocation: Global Environment Impact: Web servers running ColdFusion 2021 and 2023 are vulnerable Overview X-Force Incident Command is monitoring the disclosure…

2024 trends: Were they accurate?

4 min read - The new year always kicks off with a flood of prediction articles; then, 12 months later, our newsfeed is filled with wrap-up articles. But we are often left to wonder if experts got it right in January about how the year would unfold. As we close out 2024, let’s take a moment to go back and see if the crystal balls were working about how the year would play out in cybersecurity.Here are five trends that were often predicted for…

Ransomware attack on Rhode Island health system exposes data of hundreds of thousands

3 min read - Rhode Island is grappling with the fallout of a significant ransomware attack that has compromised the personal information of hundreds of thousands of residents enrolled in the state’s health and social services programs. Officials confirmed the attack on the RIBridges system—the state’s central platform for benefits like Medicaid and SNAP—after hackers infiltrated the system on December 5, planting malicious software and threatening to release sensitive data unless a ransom is paid. Governor Dan McKee, addressing the media, called the attack…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today