253% increase in Online Banking Malware Infections in India in Q3 as compared to Q2

Online banking malware volume surged this quarter. Infections spread across the globe and were no longer concentrated in certain regions like Europe and the Americas. Trend Micro continued to see this trend, with infection counts going beyond the 200,000 mark, the highest infection number since 2002.

“Threat actors are pouncing on users’ banking transactions, with the likes of FAKEBANK and FAKETOKEN malware threatening users,” says Dhanya Thakkar, Managing Director, India & SAARC, Trend Micro. “As with other app types, users may encounter Trojanized or fake apps disguised as legitimate banking apps. Cybercriminals will use different tricks to mimic legitimate apps. They can use the same images and icons or closely imitate the publisher’s name.”

A large portion of online banking malware infections were due to ZeuS/ZBOT Trojans. ZeuS/ZBOT variants were, in fact, the most distributed malware by spam this quarter. New ZBOT variants emerged, specifically KINS malware, which came armed with anti-debugging and anti-analysis routines.

Citadel variants, meanwhile, continued to plague Japan, particularly targeting financial institutions and varied Webmail services like Yahoo!® Japan and Gmail™, among others.

The FAKETOKEN malware, meanwhile, mimics the token generator app of a financial institution. Users who wind up with this malicious app end up giving out their password to avoid receiving an error message. Once users enter their password, the malware generates a fake token and sends the stolen information to a specific number.

“Once installed, it uses the Google Play icon to stay low-key,” suggests Dhanya Thakkar. “During installation, it replaces parts of legitimate banking app files with malicious code, but it does not modify their icons and user interface. Once users access these apps, they unwittingly give out their account information. Aside from this, FAKEBANK also steals call logs and received text messages.”

And despite the focus on the escalating state of mobile malware, it’s worth remembering that threats can be simpler than users think. “Losing a phone by accident or via theft can have dire consequences, especially if it isn’t secured with a PIN or pattern and its owner leaves his online banking account open in it,” Thakkar added.
