Banking Trojans are a complex, expensive type of malware with a wide range of features. Unlike common info stealers – which are sold to anyone for a few dollars – Banking Trojans are purchased by fewer, more professional threat actors. Some of these malware families have eventful histories spanning a decade, involving constant code changes, and occasionally arrests and leaks.
Banking Trojans focus on stealing customer banking information but can often do much more. Threat actors pay a premium for this capability. They contain a far more extensive set of features than run-of-the-mill malware, usually packaged as a complex, modular framework. Modules of the malware can implement lateral movement, all types of credential stealing possible, botnet features, backdoors, crypto mining or deploying secondary payloads such as ransomware.
In this SANS Webcast, VMRay Sr. Threat Analyst Tamas Boczan, Product Manager Rohan Viegas and SANS Analyst Jake Williams will answer:
What are the most common banking Trojans in the wild?
Which techniques do they use?
How can security professionals improve their detections?