Light Dark
January 30, 2017 By Mark Samuels 2 min read

Researchers have found another threat that users have to worry about. Security firm Cyren recently discovered a wave of fake emails sent to finance customers containing banking malware that uses keylogging techniques to collect sensitive information.

Banking Malware Spread Through Phishing

The malware takes the form of a keylogger, which is sent as an attachment in a fake email. The email subject normally includes a false payment update or notification of an online wire transfer.

According to Cyren, the fake emails derive mainly from bots based in the U.S. and Singapore. The attackers design the emails to look as if they are associated with major financial institutions.

Victims are encouraged to open the email attachment for information about their payments. Although the file resembles a PDF, it is actually an executable that launches the banking malware.

What’s the Impact?

Cyren researchers reported that the activated program creates a file in the startup folder in Microsoft Windows. The script runs and executes the malware each time a user restarts or logs in on an infected PC.

The malware searches compromised machines for sensitive data, including passwords, usernames and cookies associated with web browsing. It also seeks out cryptocurrency wallets, according to Banking Technology. Potential currencies at risk include bitcoin, bytecoin, devcoin and quarkcoin.

Cyren noted that the malware creates hooks for both the keyboard and mouse, meaning it records everything a user types and each movement of the mouse.

What Should Users Do Now?

Softpedia advised users to be especially wary of emails containing payment information they are not expecting to receive. This particular attack follows similar threats to other platforms and services. Last week, in fact, researchers reported that leaked source code could lead to even more banking Trojan attacks.

According to a Kaspersky Lab study, the number of users affected by financial malware rose by more than 22 percent in the fourth quarter of 2016, ITWeb reported. Users and IT managers must be aware that banking malware represents an ever-growing threat and utilize security best practices accordingly.

 |  |  |  |  |  |  |  | 
Mark Samuels
Tech Journalist

More from

March 4, 2025

FYSA — VMware Critical Vulnerabilities Patched

< 1 min read - SummaryBroadcom has released a security bulletin, VMSA-2025-0004, addressing and remediating three vulnerabilities that, if exploited, could lead to system compromise. Products affected include vCenter Server, vRealize Operations Manager, and vCloud Director.Threat TopographyThreat Type: Critical VulnerabilitiesIndustry: VirtualizationGeolocation: GlobalOverviewX-Force Incident Command is monitoring activity surrounding Broadcom’s Security Bulletin (VMSA-2025-0004) for three potentially critical vulnerabilities in VMware products. These vulnerabilities, identified as CVE-2025-22224, CVE-2025-22225, and CVE-2025-22226, have reportedly been exploited in attacks. X-Force has not been able to validate those claims. The vulnerabilities…

February 21, 2025

SoaPy: Stealthy enumeration of Active Directory environments through ADWS

10 min read - Introduction Over time, both targeted and large-scale enumeration of Active Directory (AD) environments have become increasingly detected due to modern defensive solutions. During our internship at X-Force Red this past summer, we noticed FalconForce’s SOAPHound was becoming popular for enumerating Active Directory environments. This tool brought a new perspective to Active Directory enumeration by performing collection via Active Directory Web Services (ADWS) instead of directly through Lightweight Directory Access Protocol (LDAP) as other AD enumeration tools had in the past.…

February 14, 2025

Smoltalk: RCE in open source agents

26 min read - Big shoutout to Hugging Face and the smolagents team for their cooperation and quick turnaround for a fix! Introduction Recently, I have been working on a side project to automate some pentest reconnaissance with AI agents. Just after I started this project, Hugging Face announced the release of smolagents, a lightweight framework for building AI agents that implements the methodology described in the ReAct paper, emphasizing reasoning through iterative decision-making. Interestingly, smolagents enables agents to reason and act by generating…

Topic updates

 Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today
© 2025 IBM Contact Privacy Terms of use Accessibility Cookie Preferences
Sponsored by si-icon-eightbarfeature