India Is The 3rd Most Affected Country By Online Banking Malware: Trend Micro

Trend-Micro-logoNew Delhi, India, June 21, 2014: As revealed in the Trend Micro Q1, 2014 Threat Round Up, India has made it to the top 3 most affected countries by online banking malware. India slowly rose to the top 3 due to a spike in the number of online bankers in the country, which could be attributed to a vastly improved banking industry.

Dhanya Thakkar, Managing Director, Trend Micro (India & SEA) said, “The number of online bankers in the India has improved the overall industry but has resulted in significant rise in malicious activities. The mobile banking transaction volume grew along with the number of online money transfers-a-top-ranking secondary means of making inward remittances in India in Q1, 2014.”

Online banking malware creators updated their portfolios yet again with the addition of new routines to their usual weapons of choice. Case in point: We found a ZeuS/ZBOT variant that had a 64-bit version, used Tor to hide C&C communications, and evaded anti-malware detection. We also saw a ZeuS/ZBOT spam attachment run only on a specific date but crashed on any other.

On the Control Panel (CPL) front, we unmasked a BANLOAD variant that only affected Latin Americans who have been identified as such through their security software plug-ins. Another variant, meanwhile, used a nonexisting WhatsAppdesktop client as lure to spread. Even worse, when executed, it downloaded a BANKER variant as well onto an already-infected computer.

Though they sported new routines, online banking malware retained their core. They continued to be widespread in the same countries—United States (23%), Japan (10%), and India (9%)—and grow in number amid the steady rise of the number of Internet users and online transactions. In fact, the online banking malware volume showed a 3% increase to 116,000 this quarter from 113,000 in the first quarter of 2013.

Since law enforcement activities against online theft are slowly being ramped up, cybercriminals are starting to add more layers to ensure anonymity in order to protect their identities and avoid getting arrested. Using Tor as a C&C channel allowed them a little more anonymity and gave them some degree of additional resilience against security software detection and takedown.

Leave a Reply

Your email address will not be published. Required fields are marked *