PandaLabs: banking Trojans evolve into more dangerous forms
Panda Software reports that 20% of all Trojans detected by Panda ActiveScan in 2021 turned out to be banking. Banking Trojans designed to steal financial information are on the rise. One of the last examples, the StealAll Trojan.A, embeds a DLL into the Internet browser to steal information entered by users in online forms.
As reported by PandaLabs, 53.6% of new malware that appeared in 2021 was Trojans. And 20% of all Trojans detected by Panda ActiveScan in 2021 are banking Trojans. It was this category of Trojans that was most often encountered in the analysis.
The rapid development of banking Trojans can be easily explained by the fact that financial institutions are now taking additional security measures, for example, introducing virtual keyboards to protect against traditional keyloggers, which record the keys pressed by the user.
However, cyber criminals manage to stay several steps ahead of such security measures. Just a few months ago, PandaLabs discovered Banbra.DCY – a banking Trojan designed to record video frames in order to see exactly what letters the user is typing on the virtual keyboard.
Another widespread technology is used by Trojans for Pharming. This scam consists of secretly changing the DNS (domain name system) address, which usually directs the user to the path to web pages, redirecting them to fake banking and financial pages that intercept user-entered confidential data. Banker.CHG is a typical example of a Trojan designed specifically for pharming.