Securing the Digital World

Beyond Your Bank Account: Ten Astounding Finds Uncovered by Financial Malware

Oct 24, 2018 | by Heidi Bleau |

Financial malware is prevalent. In Q2, it accounted for about one out of every six fraud attacks observed by RSA. Roughly 60% of all malware is delivered via malspam campaigns today, according to the Center for Internet Security. There are many types of financial malware, each with their own unique functionality, but still the most common features include keylogging, the use of RAT tools, and ransomware.

Despite the core functionality, malware designed to commit financial cybercrime has one end goal: to gain access to a consumer's personal and financial information. The problem is that most financial malware is capturing much more than only bank account details or passwords; it is capturing a complete log of everything on the infected device.

RSA has observed this trend for years. As we became more mobile as consumers and employees, it was common to conduct business for both our personal and professional lives using the same device. In time, it was also common for RSA intelligence analysts to discover much more than stolen bank account or credit card information in a Trojan drop zone. Looking back, here is a small sample of the astounding finds RSA uncovered stolen by financial malware.

  • Online Dating. On a popular online dating website, users are allowed to pose questions to a potential date. One suitor asked, "As a former employee of the government, is there anything in your past I should know about?"
  • Attention All Burglars. Malware captured the following message that was sent by one online user: "When you come into the house, enter this alarm code into the keypad." Enough said.
  • Password Changes. A popular virtual gaming website was offering a trial for new gamers. One online user applied, and selected "nightmare" as his password, but it wasn't strong enough. He then selected "nightmare8" and was advised by the site that it still wasn't strong enough. So he selected "nightmare89" which the site indicated was "strong." Not that strong when the malware on his computer captured all three passwords.
  • Political Activism. Malware captured the message of one activist U.S. citizen who wrote to his Senator: "Do you really think this is what needs to be done? You morons in the government need to get a clue. I am taxed enough as it is. This is nothing more than highway robbery!"
  • Housing Benefit Fraud. Malware captured an anonymous complaint filed on a government website that stated a certain Mrs. Fields "receives housing benefits and doesn't pass it on to the owners of the property!" Mrs. Fields is slim, has tidy blonde hair and drives a silver Land Rover, said the anonymous report. Did we say anonymous? Well, not really considering the report was filed from Mrs. Field's laptop.
  • Unhappy Rich. An employee at a large IT company recently shared with a friend that he was less than thrilled about his recent transfer to Europe. How do we know? Because the Trojan on his computer stole the following email: "I have a Ford Focus. It's very small. In fact, everything here is small. The gas is $7/gallon. My corporate VPN just crashed and I cannot get anywhere on the corporate network."
  • Internal Memos. A large manufacturing company was in the process of changing its ERP systems. They hired a consultant to run the project. One of the internal memos within the consulting firm read: "We are being asked to evaluate the following five criteria. I can do the first four, but I have no clue about the fifth, it's rather stupid. What do you suggest we do?" One suggestion: Do not discuss customer projects from a computer infected with malware.
  • Job Seekers. An employee of a large aerospace company was infected with malware which stole his Protected Storage (why on earth is it called protected?) – including his access codes to the company where he works. The next entry in the Protected Storage was the access codes to jobs at his company's biggest competitor. Someone is looking for a new job.
  • Corporate Financial Records. An employee of a global company that was working overseas received an email from the headquarters of his parent company based in the U.S. The subject line of the email: "Sales projections and profit plans." Attached was an Excel spreadsheet with every bit of information you would want to know about before deciding to invest in the company.

We hear so much these days, "Be careful what you share online." But that advice is moot if you happen to be working from a device infected with malware. Privacy is thrown out the window.

Nobody is immune from the effects of malware. As the lines of our personal and professional life continue to blur, we must not only think of the safety of our personal information, but also the data of the business we work for. Here are some tips to consider employing to ensure the safety of your digital identity.

  1. Think before you click. We believe by now that most people will not fall for phishing scams but the truth is they still work and account for more than 40% of fraud attacks this year. But it's not just phishing scams that lead consumers to malicious sites. Fraudsters are employing new tactics such as poisoning legitimate online forums and social media sites with posts that contain malicious links.
  2. Minimize downloads. When using a laptop or PC, ensure your security is set at a high enough setting to prevent unauthorized downloads. Drive by downloads are a common tactic used by cybercriminals to download malicious software to your computer and can occur even when accessing a legitimate website. As for mobile devices, we are a population consumed by app downloads so minimizing may not be an option. More important is to read the permissions requested by the app. You will be surprised by the type of data most apps request access to on your device if you take the time to read.
  3. Use biometrics when available. Malware is capable of capturing every single thing you type. So even if you change your password or create a strong password, it will not evade the eyes of malware. All recent mobile device models and many popular mobile apps offer biometrics options to be used in place of passwords and cannot be captured or intercepted by malware. Use a biometric whenever possible.

One of the fastest growing fraud threats is the rise in cybercrime activity on social media platforms. Learn more about this and other cybersecurity trends to be on the lookout for in RSA's report, "2018 Current State of Cybercrime."