As the holiday shopping season begins, new research from Kaspersky Lab shows that banking Trojans are actively targeting customers of popular consumer brands, stealing login credentials and other personal information through retail sites, company’s webpage reports.
Kaspersky Lab technologies detected 9.2 mio attempted attacks on online shops in Q3 2018 – a dramatic shift compared to 11.2 mio attack attempts throughout all of 2017. Online shoppers in the U.S., Italy, Germany, Russia and emerging markets appear to be particularly at risk.
Traditionally, banking Trojans mainly target users of online financial services. Over time, several of these banking Trojans have enhanced their functionality and reach to target online shoppers, attempting to steal their data, or even obtain root access to their devices. With online shopping sales in the U.S. expected to eclipse $5 bln on Black Friday, cybercriminals will be taking advantage of this season to target a massive pool of potential victims.
The main malware families stealing personal data through e-commerce brands are Betabot, Panda, Gozi, Zeus, Chthonic, TinyNuke, Gootkit2, IcedID and SpyEye. In particular, detections for SpyEye are expected to be up 34% year over year.
The research found that half (50%) of the brand names targeted by the detected malware families are established consumer brands, including fashion, footwear, jewelry, gifts, toys and department stores, followed by consumer electronics brands (12%) and entertainment/gaming brands (12%).
“Credential-stealing banking malware is nothing new; however, the existence of families hunting for data related to online shopping accounts is perhaps more unexpected,” said Yury Namestnikov, principal security researcher, Kaspersky Lab Global Research and Analysis Team. “If your computer is infected with one of the listed Trojans, then criminals are able to steal payment card details when you enter them on a shop’s website. After that, it is easy for a hacker to get to your money through a compromised credit card. As we come into the busiest online shopping season of the year, we urge consumers and retailers to be extra vigilant about their security, and to check and double check the integrity of websites before entering or downloading any data.”