The Silence banking Trojan that has hit at least 10 financial institutions has once again highlighted the weakness of using username and password combinations to access accounts.
The latest banking Trojan to hit financial institutions has perfected the email lure and has extensive monitoring capabilities, but could be defeated using better user authentication, some have suggested.
The Silence Trojan, discovered and named by researchers at security firm Kaspersky Lab, is described as an evolution of the campaign against financial institutions by the Carbanak gang, linked to the theft of $1bn from banks around the world.
Like the Carbanak campaign, Silence spreads by tricking employees at financial institutions into clicking on a malicious email attachment.
Once launched, the malware monitors employees, abuses legitimate tools for communications, and then ultimately carries out fraudulent transactions.
This time around, however, the attackers, who first targeted banks in Russia and then Malaysia and Armenia, are using hijacked employee email accounts to send “contracts” to the bank’s partners.
The next victim receives a phishing message from the address of a real person who works at the bank, which greatly increases the likelihood of a malicious attachment being clicked. The victim, a financial employee, opens the attached “contract”, which is a file with the .chm extension, a Microsoft help file.
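Because the lure arrives from a genuine colleague's address, sender reputation is no help here, so a mail filter has to judge the attachment itself. The following added example (not taken from the article or from Kaspersky Lab's research) flags .chm attachments by file extension and by the "ITSF" signature that begins a compiled HTML Help file; the function names and the sample message are constructed for illustration.

```python
import email
from email import policy
from email.message import EmailMessage

CHM_MAGIC = b"ITSF"  # signature at the start of a compiled HTML Help (.chm) file


def find_chm_attachments(raw_bytes):
    """Return [(filename, reason)] for each MIME part that looks like a CHM file.

    The sender is deliberately ignored: the lure described above comes from
    a real, hijacked account, so only the attachment content is judged.
    """
    msg = email.message_from_bytes(raw_bytes, policy=policy.default)
    hits = []
    for part in msg.walk():
        if part.is_multipart():
            continue  # containers carry no payload of their own
        name = part.get_filename() or ""
        payload = part.get_payload(decode=True) or b""
        # Trailing dots/spaces are stripped so "contract.chm." still matches.
        by_name = name.lower().rstrip(". ").endswith(".chm")
        # The magic check catches a help file renamed to another extension.
        by_magic = payload.startswith(CHM_MAGIC)
        if by_name or by_magic:
            reasons = [r for r, ok in (("extension", by_name), ("magic", by_magic)) if ok]
            hits.append((name, "+".join(reasons)))
    return hits


def build_sample(filename, content):
    """Constructed test message: a 'contract' sent from a colleague's address."""
    msg = EmailMessage()
    msg["From"] = "colleague@bank.example"      # constructed address
    msg["To"] = "finance@partner.example"       # constructed address
    msg["Subject"] = "Contract"
    msg.set_content("Please review the attached contract.")
    msg.add_attachment(content, maintype="application",
                       subtype="octet-stream", filename=filename)
    return msg.as_bytes()


if __name__ == "__main__":
    sample = build_sample("contract.chm", CHM_MAGIC + b"\x00" * 16)
    for name, reason in find_chm_attachments(sample):
        print(f"quarantine: {name} ({reason})")
```
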