A recent report by Action Fraud and the City of London Police found that banking malware now accounts for over 40% of recorded malware infections* in the UK. Banking malware is a type of software that cyber criminals use to target online bank accounts and obtain personal and financial details.
A computer or mobile device may become infected if it doesn’t have sufficient anti-virus protection, regular patches or software updates applied. Once a given machine is infected, a cyber criminal can remotely take control of the internal functions of the device. They can then begin to steal personal data and access online bank accounts, subsequently encrypting files and distributing malware to other computers.
When malware is present on a computer there’s normally a financial cost involved for the end user. This may involve having to buy anti-virus software products to protect the device or paying a ransom to regain valuable data and files.
For their part, businesses may lose revenue when a Distributed Denial of Service (DDoS) attack affects the company’s website.
Malware can be obtained from the Dark Web and may be downloaded either for free or purchased covertly by the cyber criminal. The price varies depending on the technical ability of the malware involved.
Computer users can unintentionally download malware by doing any of the following:
*Clicking on an infected file attachment in an e-mail
*Clicking on an infected website link
*Clicking on an infected link while present on a social media site
*Inserting an infected removable drive into the computer
*Downloading an infected file attachment on a text or via a mobile application
Four different methods
Most banking malware steals information using four different methods:
*Cookie Grabbers: Cyber criminals steal information generated by the user while they’re using the Internet. This data may include banking passwords which then allow the criminal to access the user’s online bank account
*Virtual Network Computing: Cyber criminals remotely access the device and infect it with the malware (this commonly happens when a user is using a public Wi-Fi network)
*Spy Modules: These allow cyber criminals to observe web browser activities. The criminals are alerted when a user visits a specific website such as a banking site, which then allows them to make an attack
*Drive Scanner: Used by the criminals to search files and folders on the infected device and look for documents with passwords or other useful information
In a three-month period, the City of London Police was able to detect 280 different malware families, with banking malware accounting for 41% of all infections.
Ramnit is the type of banking malware most widely used by cyber criminals. According to Symantec, more than 3.2 million computers were infected globally by this type of malware over a five-year period (2010-2015).
In February last year, law enforcement and industry conducted an operation which led to a number of seizures of servers controlled by the Ramnit criminal group. It’s thought that this group is starting to re-emerge and pose a serious threat to all computer users.
Protection from banking malware
*Don’t click on links you receive in unsolicited e-mails or SMS messages. The links may lead to malicious websites and any attachments could be infected with malware
*Only install apps from official app stores, such as Google’s Play Store or Apple’s App Store. Jailbreaking, rooting or disabling any of the default security features on your mobile device may leave it more susceptible to malware infections at some point
*When logging in to your online banking account, be extremely cautious if you’re asked for details such as the three-digit (CVV) number on the back of your card, the long number on the front of the card, your card’s expiry date or the four-digit PIN for your card. If the online banking login page you’re on does ask for those details, then don’t log in until you’ve called your bank to verify that you’re logging in to a genuine web page
*Your bank will never ask you to transfer money out of your account and into another. Fraudsters will. If you receive messages, browser pop-ups or calls asking you to do this, don’t respond to them. Call your bank immediately
What to do if your computer has been infected
You can disinfect your computer for free by using specialist software from providers such as Microsoft and Symantec. The disinfection tools will identify whether a computer has been infected and, if so, disinfect it. The tools will cause no harm if used on computers that have not been infected.
If your computer has been affected you should change all of your passwords on banking, e-mail, social media and other potentially sensitive online accounts.
Chris Greany, the City of London Police’s Commander and National Co-ordinator for Economic Crime, said: “We live in an age where computers and mobile devices dominate our lives, both during work and in our leisure time. Cyber criminals are increasingly using malware to access our financial details, and constantly adapting it such that they can try and get ahead of the security measures put in place by law enforcement and industry.”
Greany continued: “Both members of the public and business managers need to be aware of this and accept the fact that, while it’s safe to use online banking, they should follow our protection advice which will help them to avoid their online bank accounts being compromised.”
*According to a report collated by Action Fraud and the City of London Police for the period 1 September-31 November 2015