News Stay informed about the latest enterprise technology news and product updates.

Symantec researchers warn of banking Trojan

Trojan designed to steal online banking credentials hits Danish banks.

A sophisticated online banking Trojan that first surfaced two years ago has hit banks in Denmark, Symantec researchers said.
To get security news and tips delivered to your inbox, click here to sign up for our free newsletter.

While the malware has been detected in the U.S., it hasn't attacked specific banks here, said Kevin Haley, director of product management for Symantec Security Response.

The Trojan, called Bankpatch, first surfaced in 2007 and its authors continue to distribute it and update plug-in modules that are designed to target specific banks and steal online banking credentials, Eric Chien, a researcher at Symantec, wrote in a Symantec blog post Friday. The malware has attacked several Danish banks, he said.

Bank Trojans:
Gartner advises banks to shore up online channels: A bank-targeted Trojan could lead to copycats and should spur security improvements, analysts say.

Study of banking malware analyzes underground economy: Researchers uncover thousands of stolen online banking credentials, email passwords and credit card data.

Phishing, malware to strain banks in 2009: Fraud remained an ongoing problem for financial institutions in 2008 as criminals continued to devise ways to compromise online bank account credentials and steal money.

Users can be infected with Bankpatch by visiting a website that exploits vulnerabilities in Internet Explorer and third-party browser plugs, researchers said.

When executed, the Trojan injects code into Windows system files and patches key routines to hide itself and trigger other actions that allow it to track when Internet Explorer is used. It downloads additional plug-ins known collectively as Infostealer.Nadebanker, which are browser helper objects customized to target certain online baking systems and intercept online banking traffic to change what the user sees, Chien wrote in an update Tuesday.

"This allows Nadebanker to potentially transfer money from these accounts unnoticed," he said.

Haley said it appears that if the attackers know enough about how a bank performs online transactions, they can customize an attack specific to that bank and download it to infected machines as a plug-in. Symantec scans for both the Trojan and Nadebanker, and offers a removal tool.

Dig Deeper on Emerging security threats and attacks

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.