
Top Most Dangerous Banking Malwares

Emotet Banking Trojan Horse – Emotet is a banking Trojan first identified in 2014 that can also distribute other banking malware. The Department of Homeland Security described Emotet as one of the most costly and destructive malware families. Threat actors originally designed Emotet to steal private and confidential information by intercepting internet traffic, but later versions are considerably more advanced: they are spread through spam emails and can deliver other malware. Earlier versions of Emotet were just a malicious JavaScript file; later versions use macro-enabled documents to retrieve the payloads from command and control (C&C) servers.

Ursnif Banking Trojan Horse – Ursnif, also known as Gozi, is a banking Trojan horse that cyber criminals use to steal passwords and other sensitive information from infected devices. Ursnif is delivered via malicious spam email (malspam): the email contains a link to a zip file, and the zip file contains a JavaScript file which, upon execution, downloads and executes the Ursnif (Gozi) banking Trojan. Ursnif uses advanced and sophisticated techniques; according to a Symantec report, it is capable of performing web injections and stealing banking credentials from infected devices.

IcedID Banking Trojan Horse – IcedID is a banking Trojan horse discovered by IBM Global Services in September 2017, when the first test campaigns were launched by threat actors. It was designed to steal information such as credentials from infected devices, but IcedID can also perform web-injection attacks on browsers and act as a proxy to inspect and manipulate traffic. The malware targets the banking sector, payment card providers, telecommunications and other industries. IcedID is spread through malicious spam email campaigns; the email carries a malicious Microsoft Word document as an attachment. Once this attachment is executed, the IcedID Trojan horse creates the following registry key, according to Symantec threat research:

HKEY_USERS\[USER NAME]\Software\Microsoft\Windows\CurrentVersion\Run

According to the IBM Global Services report, IcedID “has a modular malicious code with modern banking Trojan capabilities comparable to malware such as the Zeus Trojan”.

Trickbot Banking Trojan Horse – Trickbot is a banking Trojan horse first developed in 2016. It targets banking sites and steals login credentials for them; it can also steal from Bitcoin wallets and harvest emails. According to TrendMicro threat research, Trickbot spreads via spam email carrying a malicious attachment, and also via malicious websites, so anyone visiting such a website can become infected. Once Trickbot infects a device, it drops the following copies of itself onto the affected system:

%Application Data%\WINYS\{malware file name}.exe
%System Root%\mswvc.exe
%System%\mswvc.exe
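A read-only triage check for the two persistence artefacts described above (the IcedID Run key entry and the Trickbot drop paths), added here as an example; it is not code from the original article or from any vendor report. It assumes that %System Root% and %System% in the text map to the Windows directory and System32, and that %Application Data% maps to each user's Roaming profile folder.

```powershell
# Added example: enumerate per-user Run entries (the IcedID persistence location
# named on this page) and test for the Trickbot drop paths. Read-only; nothing is
# removed. Run from an elevated PowerShell so all loaded user hives are visible.

$metaProps = @('PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider')

# 1. Run key entries under every loaded user hive in HKEY_USERS.
$runEntries = foreach ($hive in Get-ChildItem -Path 'Registry::HKEY_USERS') {
    $runKey = "Registry::HKEY_USERS\$($hive.PSChildName)\Software\Microsoft\Windows\CurrentVersion\Run"
    if (-not (Test-Path -Path $runKey)) { continue }
    $props = Get-ItemProperty -Path $runKey
    foreach ($p in $props.PSObject.Properties) {
        if ($metaProps -contains $p.Name) { continue }   # skip provider metadata
        [pscustomobject]@{
            Hive    = $hive.PSChildName
            Name    = $p.Name
            Command = $p.Value
            # Flag autostart commands launched from user-writable locations,
            # which is where malware dropped into a profile normally lives.
            Suspect = ($p.Value -match '(?i)\\(AppData|Temp|Users\\[^\\]+)\\')
        }
    }
}

# 2. Trickbot drop locations quoted in the text (placeholder mapping is an assumption).
$winDir = $env:SystemRoot
$sysDir = Join-Path $winDir 'System32'
$dropCandidates = @(
    (Join-Path $winDir 'mswvc.exe'),
    (Join-Path $sysDir 'mswvc.exe')
)
# The copy under %Application Data%\WINYS\ has a variable file name, so match any
# .exe in that folder for every user profile.
$dropCandidates += @(Get-ChildItem -Path 'C:\Users\*\AppData\Roaming\WINYS\*.exe' `
    -ErrorAction SilentlyContinue | Select-Object -ExpandProperty FullName)

$found = @($dropCandidates | Where-Object { Test-Path -Path $_ -PathType Leaf })

# 3. Report for analyst review.
"Run key entries launched from user-writable paths (review each):"
$runEntries | Where-Object { $_.Suspect } | Format-Table Hive, Name, Command -AutoSize
if ($found.Count -gt 0) {
    "Files present at the Trickbot drop locations named on this page:"
    $found
} else {
    "No files present at the listed Trickbot drop locations."
}
```

A hit on either check is a lead, not a verdict: confirm the flagged file with a hash lookup or vendor scan before acting on it.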

Anubis Banking Malware – Anubis can steal PayPal logins and other credentials and lock files on Android mobile devices. It is one of the most prominent threats in the wild, with data-stealing capability. Its other features include keylogging, motion-based evasion techniques, RAT backdoor access for the threat actors, SMS/message interception and a ransomware-like file-locking feature.

Security researchers at Sophos described it as follows:
"The built-in ransomware component encrypts user files and gives them .Anubiscrypt file extension. Remember, this runs on a phone, which is even less likely to be backed up than a laptop or desktop, and more likely to have personal photos or other valuable data"

Zeus Banking Malware – Zeus, also known as Zbot, is a banking Trojan that uses keystroke logging to steal confidential information from a victim’s compromised system when the user visits a banking website. After the Zeus source code was released in 2011, many other malware variants acquired parts of its codebase.

In 2009, more than 3.5 million computers were infected with Zeus. It compromised more than 70,000 FTP accounts on the networks of large and important organizations such as Amazon, ABC, Bank of America, Cisco, NASA and Oracle.

Dridex Banking Malware – Dridex is a banking malware variant that leverages malicious macros in Microsoft Office documents, delivered through embedded links and attachments, to infect systems. Dridex is disseminated via malicious spam email campaigns with a Microsoft Word document attached to the message.