New malware poses threat to online banking

by CXOtoday News Desk    Nov 29, 2013


Trojans targeting online banking system are witnessing a steady rise. Kaspersky Lab has identified a new malicious program capable of attacking the online banking systems across the world. The new threat Neverquest Trojan banker is claimed to bypass online banking security systems like the web injection, remote system access as well as social engineering.

According to the security firm, the period before Christmas and New Year holidays experiences high malicious user activity and posts regarding buying and selling databases to access bank accounts and other documents. The new Trojan is capable of stealing usernames and passwords to bank accounts along with the data entered by the user into the modified pages of a banking website, while the special scripts for Internet Explorer and Firefox are said to offer the malware with control of the browser connection with the cybercriminal’s command server.

Kaspersky Lab principal security researcher Sergey Golovanov believes that new malicious users are trying to fill these with new technologies and ideas. “Neverquest is just one of the threats aiming to take over the leading positions previously held by programs like ZeuS, ZBOT and Carberp,” he mentions.

Trojans including the ZeuS and its variations for example have surpassed the 200,000 mark, which is the highest number of infections recorded since 2002.

Another report by Trend Micro released earlier this month also indicates Trojans targeting online bankers surged within the quarter. The rise in malicious apps and malware designed to steal financial details are no longer concentrated in particular regions, says the report.

The Trend Micro’s Q3 2013 Security Roundup Report identified over 200,000 infections in the quarter ending September. The US, Brazil, India and Japan were identified as topping in the overall worldwide banking malware infections.

As consumers move to the convenience of online banking, criminals are developing tools at an exceedingly rapid pace to exploit a general lack of awareness. Golovanov states protection against threats such as Neverquest requires more than just standard antivirus; users need a dedicated solution that secures transactions. In particular, the solution must be able to control a running browser process and prevent any manipulation by other applications.