Increased online banking threats and availability of sophisticated, inexpensive malware toolkits are among the growing concerns cited in Trend Micro’s Q2 2013 Security Roundup Report. The report warns users about the increasing hazards of online banking. The online banking malware saw 29% increase from the previous quarter- from 113,000 to 146,000 infections.
“We found an online banking malware that modifies an infected computer’s HOSTS file to redirect a customer of certain banks to phishing sites. We also saw more Citadel variants (detected as ZBOT) targeting different financial service institutions. These malware not only target the big banks but also smaller ones, including those that exclusively cater to online banking customers. As predicted, cybercriminals carried out developments in malware distribution and refinement for existing tools,” said Dhanya Thakkar, Managing Director, India & SAARC, Trend Micro.
More online banking threats were seen in different countries this quarter, specifically in Brazil, South Korea, India and Japan. These highlighted the need for increased awareness of online banking security. Cybercriminals also came up with more diverse attacks that used various social engineering lures, single sign-on (SSO) and multiprotocol services, and blogging platforms for their malicious schemes.
The FAKEBANK malware spotted this quarter spoofs legitimate apps. It contains specific Android application package files (APKs), which it copies to a device’s Secure Digital (SD) card. Using the APK files, the malware displays icons and a user interface that imitates legitimate banking apps. This technique is reminiscent of PC banking Trojans that monitor users’ browsing behaviors and spoofs banking sites.
As predicted, cybercriminals have not generated completely new threats and instead opted to repackage old ones. The online banking malware volume significantly increased this quarter due in part to the rise in the ZeuS/ZBOT malware volume in the wild. Online banking threats are spreading across the globe and are no longer concentrated in certain regions like Europe and the Americas.
In the cybercriminal underground, the CARBERP source code was “leaked,” making the creation of banking Trojans even easier to do for bad guys. Meanwhile, other online banking Trojan toolkits like ZeuS, SpyEye, and Ice IX are already available for free, making it easier for any skilled hacker to obtain their source codes.