Banking Trojans Could Be Used to Target Your Wallet & Crypto Exchange
Cryptocurrency traders, blockchain and crypto firms have been warned to prepare for an intensified spate of cybercrime-related raids, with nasty new strains of malware already circulating.
Per a report compiled by ThreatFabric, criminals have been deploying sophisticated new programs in an attempt to snare unsuspecting companies and individuals. And although most of these have been developed to target online banking platforms, they are often just as effective when it comes to compromising crypto exchanges and wallets.
The company has compiled a list of Remote Access Trojans (RATs) that could pose a major threat to mobile and remote payments during the year ahead – the Year of the Rat according to many Asian horoscopes.
RATs allow criminals to carry out fraudulent transactions directly from victims’ infected devices and in recent years have seen an escalation in the number of reported mobile malware-related cases.
ThreatFabric says that some of the most popular banking trojans that could pose a threat to challenge to crypto exchanges and wallets this year include the following:
This piece of malware appeared on the scene in June last year, taking over from the rented banking trojan Anubis. In its early days, Cerberus lacked sufficient capacities to lower the detection barrier for anti-fraud solutions, but last January an improved version of the RAT made its debut.
Some of its targets: ING Direct France, Google Play Store, Gmail, Lloyds Bank Mobile Banking, Microsoft Outlook, Wells Fargo Mobile, Yahoo Mail, Facebook, Instagram, PayPal, Snapchat, Twitter, Viber, Whatsapp, Telegram.
Possibly the first Android banking trojan to rely on operating systems’ Accessibility Service, Gutstuff was first detected in 2016. But its latest versions represent a significant development when compared with earlier programs. Its recent incarnation is fitted with added functionalities such as keylogging, browser overlays and the first-ever Android banking trojan, Automated Transaction Systems (ATSs). The malware has mainly been used to attack banks based in Australia and Canada, but its users’ targets also extend to crypto wallets.
Some of its targets: Google Play, RBC Mobile, Coinbase, Skrill, Blockchain Wallet, BitPay, Electrum, Xapo, Abra, Freewalet.
Developed as an SMS hacking tool in 2019, Ginp has undergone a dynamic evolution, incorporating code from existing malware, and morphing into a complete banking trojan. To steal credit card data and other credentials, this trojan uses overlay attacks through push notifications, and is now fitted with a keylogging capacity that lets it take over many of the principal functions of hijacked devices. What it still lacks is the capacity to remain undetected, but improved versions just keep rolling out.
Some of its targets: CaixaBank, Santander, eBay, Play Store, Youtube, Skype, Instagram, Facebook.
This program started out life as a dropper service, but also features screencast capacities. Since February 2019, though been used as a fully-fledged banking trojan. While it does not yet have total RAT functionality, the malware’s well-designed modular architecture means it is only a hair’s breadth away from becoming as effective as many other banking trojans. Until recently, Hydra users’ prime targets were Turkish banks and selected crypto wallet apps, its scope is starting to expand.
Some of its targets: Binance, BtcTurk, Bitfinex, Coinbase, Netflix, Poloniex, Blockchain Wallet, Yahoo mail.
This afore-mentioned banking trojan is not dead yet, despite the rise of Cerberus and the successful conviction of its creator. It remains a popular choice for criminals involved in developing Android banking malware of their own. In fact, new versions continue to appear. And in January last year, a user on a Russian-language underground malware forum stated that they were offering a 2.5 version that featured full RAT functionality.