Sneaky malware lurks on your computer until you log into your bank
By Oriya Anand, MarketWatch
Banks worldwide have seen about 400 cases of a new malware that silently lurks on browsers until it sees that users are visiting banking websites, and then kicks into high gear to steal information, according to a Tokyo-based antivirus company.
The new strain starts with an old tactic: spam. Messages detail financial transactions and include a link, but instead of luring users to phony websites to trick them into typing their banking credentials, the malware stealthily injects malicious code into the browser so it can later detect when the customer is banking online, according to Trend Micro.
“It’s going to have graphics and terminology that would make you believe, hey, that sounds pretty legitimate,” says JD Sherry, vice president of technology and solutions at Trend Micro. “Once you click on that, you don’t have intelligence to basically say that’s a bad link. The device is going to download that particular malware.”
Last year saw a million new strains of banking malware, double the prior year’s volume, according to Trend Micro. The new variant, called Emotet, first cropped up largely in Germany, with 75% of cases across Europe, the Middle East and Africa. The remaining 25% of complaints came from across the Asia-Pacific, the U.S. and Japan.
The Emotet malware makes its way to users via spam messages that mimic bank transfer notices and shipping invoices. Germany is among the countries with victim banks.
Most banking malware follows the model of Gameover Zeus, a network that international law enforcement authorities seized control of in June.
Gameover Zeus lifted banking credentials from as many as 1 million infected Microsoft Windows computers by intercepting online transactions to bypass two-factor authentication and displaying fake security messages to gain credentials, nabbing more than $100 million.
One of the classic giveaways of spam is that the messages are usually filled with poor grammar and spelling. With Emotet, though, the nasty messages are less conspicuous.
And the new malware masks one of the telltale signs that a computer is part of a botnet (a network of infected machines, or robots) by hiding until people enter banking websites, rather than continually running and slowing applications down.
The new malware makes two computer rules more critical, Sherry says. Download an antivirus program from a reputable security company, and don’t click on anything you didn’t actively search for or land on through your own browsing.