Banking Trojans

Banking trojans have become a rather common way to go after businesses through either massive spam campaigns or targeted attacks, according to Jerome Segura, lead malware intelligence analyst at Santa Clara, Calif.-based Malwarebytes. These trojans are delivered either via macros or through exploits in the office document, Segura said, with a loader called Emotet becoming particularly popular.

Banking trojans can provide access to a user's banking credentials, browser credentials or bitcoin wallet, and Segura said that information can be monetized by either selling it on the Dark web or using it to gain access to more valuable parts of the network. Although banking trojans aren't as easy to monetize as ransomware, Segura said they have the benefit of being less visible and noisy.

Some banking trojans are specially configured for particular geographies such as Swiss banks, British banks or Canadian banks, Segura said, and carry out their activity through web injections or man-in-the-middle attacks. After a user logs into a banking application or website, the trojan could inject a different set of authentication questions for the user to answer, thereby capturing their credentials on the fly.