Overview
Banking and sensitive financial information is a highly coveted target for attackers because of the high value and obvious financial implications. In the past year, a large amount of attention has been centered on Point of Sale (PoS) malware due to its major role in the compromise of several retailers. While PoS malware is a major concern, attackers have also realized that targeting individual end users is an effective method of harvesting other types of financial data. As a result, banking malware has become a prevalent category of malware that poses a major threat to users and organizations of all sizes. One of the more well known examples of banking malware is Zeus.
Table of Contents
Overview
Technical Analysis
Domain Generation Algorithm
Other Thoughts
Conclusion
Appendix
Banking malware typically operates by redirecting users to malicious phishing sites where victim’s input their banking credentials thinking they are logging into their bank’s website. Banking malware can also operate more stealthily by hooking into a browser’s functionality, capturing the victim’s credentials as they are typed in, and exfiltrating them. Once an attacker has a victim’s banking credentials, attackers can then sell it or use it to perform illicit transactions (such as transferring funds to another account on behalf of the victim).