What Is a “Banking Trojan?”

As we’ve covered many times before, hackers are no longer satisfied with using their skills to destroy computers. After all, what’s the point of putting yourself out there as a cybercriminal if all you do is perform petty damage? This is the reason why malware developers these days are putting efforts into moneymaking schemes, such as ransomware and sneaky bitcoin miners.

While these are good means for a malware developer to make some money on the side, the golden egg is the means of accessing someone’s bank account. With online banking being so prevalent in this digital age, all it takes is to gain access to someone’s account, and a hacker can do some serious damage. Of course, making software that steals bank details is one thing – getting it onto people’s devices is something else entirely.

What Is a Banking Trojan?


This is what a banking trojan aims to do. It disguises itself as a genuine app or software that users download and install. Once installed, it then positions itself in a way to access your banking details. How it positions itself depends on the malware, as each one has a way of taking the user’s details. Once it has the login information it needs, it can beam the details back to the malware developers to grant them access to the bank account.

The method of attack differs for each trojan. For example, the malware Zeus installs itself on Windows computers via spam emails and drive-by downloads (files downloaded from legitimate sites that have been breached and infected). Once it’s installed, it uses keylogging (the ability to read a user’s keyboard inputs) to log the bank login details and send them back. It also connects itself to a botnet in order to receive further instructions.

The Marcher malware, however, is designed with mobile phones in mind. It comes with a few different means of attack, but one of its more ingenious methods is the ability to replicate official banking app screens. When the user goes to open an official bank app, Marcher springs to action and overlays its own fake screen on top of it. The user thinks they’re entering their details into their app, but instead they’re telling a banking trojan all of their login details!

This kind of attack can also be performed against browsers on a PC. This is known as a “man in the browser” attack, where malware changes what you see via redirection tactics. The goal is to redirect the user to a fake login page and get them to enter their details into the phoney site.

How Prevalent Are Banking Trojans?


Unfortunately, banking trojans have been on the rise in recent months. In June, Check Point stated that banking trojans were on the rise by a massive 50%. Kaspersky Lab then declared banking trojans the “phantom menace” of Q2 of 2018 after they hit an all-time high. As long as banking trojans make the attackers lots of money, there will always be malware floating around the Internet looking for credentials to steal.

How Do You Stay Safe from Banking Trojans?


With all this talk of trojans, it can be worrying to hear that your bank account could be in grave danger. However, as long as you keep yourself safe, you shouldn’t encounter a banking trojan yourself. The following explains how to stay safe.

Keep Your Security Suite Updated

If you have antivirus running, be sure to keep it topped up with all the latest virus definitions. As new trojans appear and old ones morph, security companies keep a log on what’s going on and update the virus definitions to identify the culprits when they appear. Keep yours updated so that you have the most up-to-date definitions of banking trojans.

Download Apps and Files Only from Trusted Sources

Malware has to get onto your PC or phone somehow, and the most common means is by downloading an infected file. Be sure to double-check what you’re downloading and where you’re getting it from – if the source seems too shady, try finding a better site. For mobile, always download apps from the official app store, and even then, be sure you’re not downloading a fake app by checking the download count and number of reviews of the app. A five-star review doesn’t mean much when it’s only a few people!

Keep an Eye Peeled for Suspicious Behaviour

Does your bank login page look drastically different than you remember it? Perhaps it’s suddenly asking you for very personal information that you’d rather not share? If something “seems off,” be sure to check if you are where you think you are before entering any details.
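The "check if you are where you think you are" step can be written down as a precise test. The following is an added example, not part of the original article: it compares a login page address with the expected one and rejects the usual ways a fake page's address can look right at a glance. The host `login.examplebank.test` and all sample URLs are constructed placeholders.

```javascript
// Added example. "login.examplebank.test" is a constructed placeholder,
// not a real bank; every sample URL below is constructed as well.
const EXPECTED_ORIGINS = new Set(["https://login.examplebank.test"]);

// Decide whether a login page address is the one we expect.
// Returns { ok, reason } so the caller can show why a page was rejected.
function checkLoginUrl(rawUrl, expected = EXPECTED_ORIGINS) {
  let url;
  try {
    url = new URL(rawUrl); // same parsing rules browsers use
  } catch (err) {
    return { ok: false, reason: "unparseable URL" };
  }
  if (url.protocol !== "https:") {
    return { ok: false, reason: "not HTTPS" };
  }
  // Text before an "@" is a username, not the site: the real host follows it.
  if (url.username || url.password) {
    return { ok: false, reason: "user info placed before the host" };
  }
  // Look-alike letters from other alphabets show up as "xn--" labels.
  if (url.hostname.split(".").some((label) => label.startsWith("xn--"))) {
    return { ok: false, reason: "internationalised (punycode) host label" };
  }
  // Exact origin match: scheme + full host + port, never "contains the name".
  if (!expected.has(url.origin)) {
    return { ok: false, reason: "unexpected origin " + url.origin };
  }
  return { ok: true, reason: "origin matches the expected login site" };
}

const SAMPLE_URLS = [
  "https://login.examplebank.test/signin",
  "http://login.examplebank.test/signin",
  "https://login.examplebank.test@203.0.113.7/signin",
  "https://login.examplebank.test.account-check.example/signin",
  "https://login.ex\u0430mplebank.test/signin", // Cyrillic "а" in the name
];

function auditSamples() {
  return SAMPLE_URLS.map((u) => ({ url: u, ...checkLoginUrl(u) }));
}

for (const r of auditSamples()) {
  console.log((r.ok ? "OK      " : "REJECT  ") + r.url + "  (" + r.reason + ")");
}
```

Only the first sample passes; the others contain the bank's name somewhere in the address but do not resolve to the bank's own origin.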

Use Two-Factor Authentication if Possible

Most banks realise the weight of losing your account to a hacker and have implemented a two-factor authentication method for a second layer of protection. This can include authenticator codes or a second password where you enter specific randomly-chosen characters instead of typing the entire thing. If your bank has this capability, definitely enable it. It could save your account!

Tricky Trojans

With malware being developed to steal money instead of destroying computers, a few attack vectors have spiked in usage over the months. With banking malware on the rise, it’s a good idea to learn more. Now you know how they work and how to defend yourself.

Does the rise in trojans scare you? Or are you protected and secured from the threat? Let us know below.

Simon Batt

Simon Batt is a Computer Science graduate with a passion for cybersecurity.


  1. “Download Apps and Files Only from Trusted Sources”
    Glib advice that is not worth the disk space it is written on. Everybody trusted Google Store. Google had to remove thousands of malware-ridden apps from its Store. There have been other instances of supposedly “trusted” sources unknowingly containing malware. If the owner of the apps repository does not know about the malware, how can the users?

    Before online banking was invented, we all went down to the local bank branch to do our banking in person. We didn’t worry about some miscreant emptying all our accounts. Now, all of a sudden, it has become too much bother, too inconvenient, too un-kewl to do banking in person? Sure, online banking is convenient. It allows us to do our banking from the comfort of our recliners while watching the latest reality show. However, there is a hefty price to pay for that convenience and that price is the security of our accounts. Is the convenience vs security trade off really worth it?

  2. I agree with Dragonmouth, what is a “Trusted source”, these days?

    Some vendors, app stores and the like care more about selling products than the safety of their customers, particularly in terms of the vetting of apps that they release.

    In any case, if malware authors (and malware users) can replicate and redirect legitimate sites, then why not attack app stores as well?

    It’s no longer purely a question of convenience, internet banking is being forced on us more and more as High Street branches are closing at an alarming rate, taking their ATMs with them, I get the feeling that there is a move to phase out cash altogether in favour of debit cards and credit cards, particularly using contactless transactions – potentially, and in some cases actually, a hazardous business, with cloning of cards on the increase.

    Part of that is, of course, to save money on salaries, pensions, business taxes and sometimes rent all of which has been made worse by the fines and compensations that followed on from the financial problems of 2008 and the misselling of Payment Protection Insurance, after all, the banks have to protect their “bottom line”!

    1. The move to a “cashless society” has been going on since the first credit card made its appearance.

      By cutting overhead, banks are trying to maximize their bottom line. Financial institutions have no real incentive to keep things secure. It is much cheaper to pay the fines, if any, than it is to maintain the branches and the staff. Equifax, one of the Big Three financial ratings companies, recently had 140 million customer records pilfered. AFAIK, there has been no cost to Equifax for the breach other than a hit on their reputation. If they had to pay a fine of $1,000 for each record stolen, they and other financial institutions would be much more diligent in ensuring security and privacy.

      I often wonder at the wisdom of governments bailing out the “too big to fail” institutions. Maybe some of those institutions should be allowed to fail. Yes, the economy might take a temporary hit but maybe in the long run it may become stronger. Companies might tighten up their procedures and quit relying on governmental safety nets.

  3. No disagreement with that but another word for “governmental safety nets” is TAXPAYER – bail-outs never come from politicians’ own pockets except, perhaps, through the taxes they pay.

    For how many years did banks flatly deny that their systems could be compromised? “Oh, you MUST have loaned your card to somebody and you MUST have given them your PIN, it can’t possibly be our system, it’s foolproof”, well, breaking news NOTHING is foolproof, fools are FAR too ingenious!
