Here Are 10 Most Notorious Money Pilfering Malware

by Priyanka Pugaokar, Apr 20, 2016

The year 2015 witnessed an unprecedented rise in cyber crime across all geographies. Ransomware, which has emerged as the most notorious cyber crime of recent years, has posed a serious threat to organizations across verticals. It has become the most dangerous and sophisticated form of cyber crime, taking a serious toll on business. The total cost of ransomware attacks globally is estimated at about US$315 billion for 2015. The finance sector was the biggest victim of ransomware, with banks, investment funds and exchanges, including bitcoin exchanges, facing rising cyber attacks.

Here are some of the most notorious ransomware and banking malware families that have posed a serious threat to individuals as well as institutions.

CryptoWall is one of the most dangerous ransomware variants and has cost organizations worldwide a great deal of sleep. The variant, which appeared in early 2014, had affected over 6 million computers worldwide by 2015. In CryptoWall spam campaigns, the emails usually contain a malicious attachment disguised as a fax report, invoice or similar document, along with a message attempting to convince the user to download the file. Once the user opens the attachment, the malware sneaks into the system. The writers of CryptoWall are believed to have collected more than $325 million (£212 million) in ransom in 2015.

CryptoLocker is a ransomware trojan which targets computers running Microsoft Windows. It is believed to have first appeared in 2013. CryptoLocker infections have been found across different regions, including North America, the UK, Europe, the Middle East and Asia Pacific. Major organizations, including the New York Times, BBC, AOL and the NFL, have been hit by CryptoLocker malvertising. CryptoLocker infected over 50,000 machines in corporate environments last year. According to Kaspersky, a hacker group raked in $2.5 million to $10 million per successful attack in 2015.

TorrentLocker is a type of cryptographic ransomware which has become increasingly prominent in the security domain. The first variants of this family were observed in February 2014, and as of December 2014 at least five major releases of the malware had been discovered. Current versions demand ransom payments through the Bitcoin system and host their payment web pages in the Tor network. In 2014, TorrentLocker infected at least 39,000 computer systems worldwide, including more than 9,000 in Australia. According to ESET research, the hackers are believed to have received up to US$585,000 in Bitcoin as ransom in the same year.

Zeus is the most notorious banking malware, used to steal targeted login credentials, intercept online banking transactions, and breach financial systems. Detected in 2007, it is a trojan horse malware package that runs on versions of Microsoft Windows. Since its creation, the trojan has infected tens of millions of computers worldwide. The Zeus family grew from 400,000 detections in 2012 to nearly four million in 2014. The malware has also infected enterprises in emerging economies such as India, which was the third most affected country by Zeus malware attacks in 2013, after the US and the UK. Zeus Gameover, SpyEye, Ice IX, Citadel, Carberp, Bugat, Shylock and Torpig are some of the notorious trojans of the Zeus family widely used by cyber criminals to commit financial crimes.

SpyEye is a trojan horse computer worm. It has reportedly infected about 1.4 million computers worldwide since it debuted in 2009. Like Zeus, attackers use SpyEye to steal targeted login credentials, intercept online banking transactions, and breach financial systems. In a big success in the fight against cyber crime, law enforcement agencies from six European countries recently cracked a major Ukraine-based cyber criminal gang suspected of developing, distributing and deploying the Zeus and SpyEye banking malware. According to a report on the official Europol website, authorities arrested five suspects accused of infecting thousands of computers worldwide with malware and banking trojans.

Conficker, also known as Downup, Downadup and Kido, is a computer worm targeting the Microsoft Windows operating system that was first detected in November 2008. The worm originally targeted users of social networking websites such as Facebook, Skype and Yahoo Messenger, and of email services such as Gmail, Yahoo Mail and AOL Mail. It also targets other networking websites such as MySpace, LinkedIn and Twitter, and can infect other devices on the infected computer's local network. The infection allows an attacker to access users' personal information, such as banking information, credit card numbers, usernames and passwords, by using a keylogger.

The Conficker worm has infected millions of computers, including government, business and home computers in over 190 countries. According to a Check Point report, Conficker was the most common malware used to attack UK and international organizations in 2015, accounting for 20 percent of all attacks globally. The Conficker Working Group, which tracks the number of unique IP addresses on the internet that are infected with Conficker, estimated that over 600,000 unique IP addresses remained infected by the malware in 2015.

Sykipot is an APT malware family that has been around since 2007 and is used as a backdoor to fully control the victim's machine. Once the machine is infected, the backdoor communicates with the C&C server to execute several kinds of commands on the affected system. The Sykipot family has been used by cyber criminals in targeted attacks to steal sensitive information from key industries. The malware is also able to send files to and receive files from the C&C server, and to configure a delay timer for the next communication with the C&C server.

Dridex is another sophisticated banking trojan that targets login credentials for banks globally via Man-in-the-Browser attacks, similar to the Zeus banking malware. Dridex relies on phishing to carry out its malicious activities. It has executed malicious code on victim PCs via executable attachments and via Microsoft Word documents containing macros that download a second-stage payload, which in turn downloads and executes the trojan. Dridex has recently relaunched attacks in the UK, intensifying its focus on business accounts. According to IBM X-Force researchers, the Dridex banking trojan has been updated with a new attack methodology that leverages a redirection scheme similar to the one used by the Dyre trojan.

Dyre is another notorious banking trojan targeting login credentials for banks globally via Man-in-the-Browser attacks, similar to the Zeus banking malware. Dyre uses infected victim PCs to harvest credentials for bank accounts and other online services. The Dyre banking trojan is widely used in APT-style attacks against enterprises. The trojan was used in a large-scale credential-phishing campaign targeting Bank of America, Citigroup, Royal Bank of Scotland and JPMorgan Chase customers in 2014.

Vawtrak is a backdoor trojan able to spread itself via social media, email and file transfer protocols. After it infects a victim PC, Vawtrak steals bank account credentials and sends them to its command-and-control server. The attacker can then use a virtual network computing (VNC) server to take control of the compromised computer and use it to access the bank account and carry out the theft.

Vawtrak can also modify the content of a web page and inject rogue forms into bank sites. It uses a classical Man-in-the-Browser attack similar to Zeus. It can also recognize hundreds of financial institutions and contains a function that monitors certain keywords, allowing the cyber criminals to expand the list of targeted banks. Vawtrak largely infects banking, gaming and social network users, mainly in the UK, US and Germany, although users in Australia, New Zealand and across Europe are also affected.

The list does not stop here. Malware writers create millions of viruses and trojans every day. Since most malware and trojans are not detected by modern antivirus tools, the best way to avoid this threat is to remain vigilant while conducting online banking transactions. Awareness and robust security mechanisms are the only ways to fight such sophisticated malware.