12th March 2019

Number of users attacked by banking Trojans grew by 16% in 2018, says Kaspersky

In 2018, 889,452 users of Kaspersky Lab solutions were attacked by banking Trojans, an increase of 15.9 per cent compared with 2017, when over 767,000 users were hit. The growth partially occurred due to increased activities of only one banker, according to an analysis of the financial threat landscape by Kaspersky Lab.

Attacks with banking Trojans, or ‘bankers’, are among the most popular for cyber criminals as they are focused directly on financial gain. This kind of malware steals credentials for e-payment and online banking systems from victims, intercepting one-time passwords, and then sending the data to the attackers behind the Trojan.

Of 889,452 attacked users, almost 25 per cent were corporate ones, a figure that has remained fairly consistent for the last three years. According to Kaspersky Lab experts, the reason behind this is clear: while attacks on consumers will only provide access to banking or payment system accounts, successful hits on employees can also compromise a company’s financial resources.

The collected data also shows that Russia became the most targeted nation in 2018, accounting for over 22 per cent of global users attacked with banking malware. It is followed by Germany (with a share of over 20 per cent), and India (almost 4 per cent).

David Emm, Principal Security Researcher at Kaspersky Lab, said: “2018 didn’t give individuals much respite from financial threats. Our research demonstrates that infamous banking Trojan attacks are still increasing in number and hunting for money. The RTM banking Trojan was particularly interesting; its explosive growth massively inflated the attack figures last year. In the wake of these findings, we urge people to maintain caution when conducting financial operations online from PCs. Never underestimate the professionalism of modern cybercriminals – and never leave your computer unprotected.”

The key findings:
• In 2018, the share of financial phishing decreased from 53.8 per cent to 44.7 per cent of all phishing detections, still accounting for almost a half of overall detections.
• The share of phishing related attacks to payment systems and online shops accounted for almost 14 per cent and 8.9 per cent respectively in 2018.
• In 2018, the number of users attacked with banking Trojans was 889,452 – an increase of 15.9 per cent in comparison with 767,072 2017.
• 24.1 per cent of users attacked with banking malware were corporate users.
• Zbot and Gozi are still the kings when it comes to most widespread banking malware family (over 26 per cent and 20 per cent of attacked users respetively), followed by SpyEye (15.6 per cent).
• In 2018, the number of users that encountered Android banking malware more than tripled to 1,799,891 worldwide.
• Just three banking malware families accounted for attacks on the vast majority of users (around 85 per cent).