Researchers have found another threat that users have to worry about. Security firm Cyren recently discovered a wave of fake emails sent to finance customers containing banking malware that uses keylogging techniques to collect sensitive information.

Banking Malware Spread Through Phishing

The malware takes the form of a keylogger, which is sent as an attachment in a fake email. The email subject normally includes a false payment update or notification of an online wire transfer.

According to Cyren, the fake emails derive mainly from bots based in the U.S. and Singapore. The attackers design the emails to look as if they are associated with major financial institutions.

Victims are encouraged to open the email attachment for information about their payments. Although the file resembles a PDF, it is actually an executable that launches the banking malware.

What’s the Impact?

Cyren researchers reported that the activated program creates a file in the startup folder in Microsoft Windows. The script runs and executes the malware each time a user restarts or logs in on an infected PC.

The malware searches compromised machines for sensitive data, including passwords, usernames and cookies associated with web browsing. It also seeks out cryptocurrency wallets, according to Banking Technology. Potential currencies at risk include bitcoin, bytecoin, devcoin and quarkcoin.

Cyren noted that the malware creates hooks for both the keyboard and mouse, meaning it records everything a user types and each movement of the mouse.

What Should Users Do Now?

Softpedia advised users to be especially wary of emails containing payment information they are not expecting to receive. This particular attack follows similar threats to other platforms and services. Last week, in fact, researchers reported that leaked source code could lead to even more banking Trojan attacks.

According to a Kaspersky Lab study, the number of users affected by financial malware rose by more than 22 percent in the fourth quarter of 2016, ITWeb reported. Users and IT managers must be aware that banking malware represents an ever-growing threat and utilize security best practices accordingly.

more from

From Ramnit To Bumblebee (via NeverQuest): Similarities and Code Overlap Shed Light On Relationships Between Malware Developers

A comparative analysis performed by IBM Security X-Force uncovered evidence that suggests Bumblebee malware, which first appeared in the wild last year, was likely developed directly from source code associated with the Ramnit banking trojan. This newly discovered connection is particularly interesting as campaign activity has so far linked Bumblebee to affiliates of the threat group ITG23 (aka the Trickbot/Conti…

X-Force 2022 Insights: An Expanding OT Threat Landscape

This post was written with contributions from Dave McMillen. So far 2022 has seen international cyber security agencies issuing multiple alerts about malicious Russian cyber operations and potential attacks on critical infrastructure, the discovery of two new OT-specific pieces of malware, Industroyer2 and InController/PipeDream, and the disclosure of many operational technology (OT) vulnerabilities. The OT cyber threat landscape is expanding dramatically and OT…