The Latest Cybersecurity Threat: Banking Trojans

Trojans are a broad category of malware that was first described as a theoretical computer vulnerability by the US Air Force in 1974. Since then, they’ve become some of the most insidious and dangerous types of malware in existence. One type, known as the banking trojan, specializes in stealing financial login credentials then quietly emptying bank accounts without users ever knowing.

Banking trojans are becoming more common in the business world. Read on to learn more about them, including one of the most famous examples, and how to protect a computer system from contracting one.

What Are Banking Trojans?

In a nutshell, a banking trojan is a type of malware that collects a user’s online credentials for their financial logins to quietly empty bank accounts. They’re one of the most common—and sophisticated—types of malware in existence.

Trojans are a category of malware that masquerades as legitimate software or files. Users may download the malware unwittingly through several sources:

  • Email attachments
  • Official app stores
  • Third-party websites
  • Flash drives or external hard drives
  • Compromised hardware

Trojans are further categorized by what they do once installed. Some delete data, some modify it, still others copy data or spy on users. More than a few are known to disrupt the performance of computers or networks. Many are designed specifically to provide backdoor access to a system as well as evade detection by standard antivirus software.

Trojans may also disguise other trojans. While early examples of the malware simply disguised themselves as legitimate software, it’s now possible to find trojans with multiple payloads. Emotet is one example.

Why Emotet Is So Dangerous

Emotet, also known as Geodo and Mealybug, is a banking trojan first identified and named by Malwarebytes in 2014. Commonly spread by email and embedded URLs, it first takes over an email then sends copies of itself to contacts in the email’s address book. Once it has tricked someone into downloading its attachment, it immediately begins sniffing out network resources and shared drives. Here, it moves laterally through machines to target credentials and drop other trojans.

Among trojans, Emotet is unusual in its ability to spread and evade detection. That makes it tremendously dangerous to business computers, especially those frequently containing sensitive information. In early 2020, the US Department of Homeland Security’s (DHS) Cybersecurity and Infrastructure Security Agency (CISA) identified Emotet as one of the most active—and dangerous—trojans currently active.

According to CISA, Emotet is a particularly advanced trojan associated with high costs and destruction for infected networks. Its many advanced features include:

  • Rapid evolution: Since its discovery in 2014, Emotet has undergone countless transformations and evolutions. This makes it incredibly difficult to spot and prevent.
  • Signature-based detection evasion: Emotet is capable of masking its signatures—the telltale signs of malware presence. That means most consumer antivirus and malware programs can’t spot it.
  • Virtual machine awareness: Emotet can identify when it’s being run in a virtual environment, such as a sandbox. It presents false indicators to trick a computer into believing the sandbox is clean.
  • Sophisticated proliferation: Whereas many trojans cannot proliferate, Emotet moves quickly and aggressively to drop other trojans on a system or infect other systems.

How to Protect Against Emotet and Other Malware

Although difficult to remove, trojans are often easier to avoid than other types of malware. Protecting against malware like Emotet is straightforward. To minimize the risks of contracting malware:

1. Never open email attachments and be wary of running programs

Trojans are named after the Greek tactic because they require permission to enter a system. Unlike a worm, they don’t simply tunnel their way into a machine without the user expressly installing it. Therefore, establish a workplace policy to avoid sending or opening email attachments. Instead, use a secure file transfer to hand over materials.

Likewise, avoid running .exe programs on a company computer when the source isn’t 100 percent known. Restricting administrative rights (such as installing or modifying software) for typical users and running all administrative tasks through an IT department or IT services provider greatly reduces the likelihood of a malware infection.

2. Keep all software up to date

Hackers frequently take advantage of and rely on outdated antivirus and malware software and operating systems that haven’t been fully patched. Software updates often include security patches discovered by the developers before criminals, making them an easy way to avoid a data breach.

3. Use a firewall

Firewalls represent one of the most effective ways to prevent malware from spreading across a network. Always use a firewall both on individual computers and network resources such as servers or routers.

4. Protect your business email

Email is most often the conduit through which trojans are transmitted, so it is critical to deploy email security countermeasures. Services such as Barracuda and advanced spam filtering help provide another layer of protection from email-borne threats.

Prevent a Data Breach: CDS Can Help

Banking trojans are one of the latest and most common cybersecurity threats sweeping through the business world. These sophisticated pieces of software are difficult to spot and even harder to remove. Malware such as Emotet is specially designed to collect sensitive login credentials, proliferate virally, and avoid detection. However, since all trojans require permission before installation, taking steps to prevent installation can keep them off a system. Use cybersecurity best practices to stay safe.

CDS helps companies develop effective cybersecurity. Contact us now to get started.