India 3rd most affected country by online banking malware, says Trend Micro

Trend Micro's First Quarter Threat Round Up-2014 has placed India third in terms of online banking malware threat, after the United States and Japan.

India slowly rose to the top 3 position due to a spike in the number of online bankers in the country, which could be attributed to a vastly improved banking industry, Trend Micro said.

“The number of online bankers in India has improved the overall industry but has resulted in a significant rise in malicious activities. The mobile banking transaction volume grew along with the number of online money transfers, a top-ranking secondary means of making inward remittances in India, in Q1, 2014,” said Dhanya Thakkar, managing director, Trend Micro.

Online banking malware creators have created sophisticated portfolios yet again with the addition of new routines to their usual weapons of choice. “We found a ZeuS/ZBOT variant that had a 64-bit version, used Tor to hide C&C communications, and evaded anti-malware detection,” she added.

On the Control Panel (CPL) front, Trend Micro has unmasked a BANLOAD variant that affected only Latin American users, whom it identified as such through their security software plug-ins.

Though it sported new routines, online banking malware retained its core. It continued to be widespread in the same countries—United States (23 percent), Japan (10 percent), and India (9 percent)—and to grow in number amid the steady rise in the number of Internet users and online transactions.

In fact, the online banking malware volume showed a 3 percent increase to 116,000 this quarter from 113,000 in the first quarter of 2013.

Since law enforcement activities against online theft are slowly being ramped up, cybercriminals are starting to add more layers to ensure anonymity in order to protect their identities and avoid getting arrested.

Using Tor as a C&C channel allowed them a little more anonymity and gave them some degree of additional resilience against security software detection and takedown.
