Banking trojans have become a major threat to online banking users. One such multi-stage banking malware, dubbed Gootkit, is again in action that aims to cause humongous financial losses to its victims.

About Gootkit

Gootkit was first discovered in 2014 and propagated via spam and exploit kits. The group has now shifted to compromised websites where targeted users are tricked into downloading the trojan. It can steal data from browsers, conduct man-in-the-browser attacks, and perform keylogging. The malware loader leverages advanced persistence algorithms and performs several sandbox and virtual machine checks. Gootkit has been targeting victims located in Italy and Germany.

Why does it matter?

Gootkit is a primary example of the way malware developers advance their tools. While most banking trojans have the sole aim of stealing financial information. However, being a multipurpose malware, Gootkit has additional flexibility and ability to modify targets and invest in tools for evading detection. 

Latest banking trojans

Apart from Gootkit, there are several financial trojans attempting to create chaos among online banking users.
  • The Bizarro trojan originated in Brazil and went on to target customers of 70 banks located in Spain, Italy, France, and Portugal. It is capable of harvesting account credentials from Android users. 
  • The TeaBot trojan was found targeting banking users in Germany, Spain, the Netherlands, Belgium, and Italy.
  • Earlier in May, the Dridex banking malware made a comeback. It impersonated QuickBooks invoices via phishing attacks. The attacks were mostly concentrated on users located in the U.S., Germany, India, and South Korea.

The bottom line

The emergence of new trojans regularly illuminates the need to exercise caution while downloading any software or documents from the internet. Moreover, the need of the hour is a reliable proactive security strategy that can help identify threats using threat intelligence before they leave an impact. Some good recommendations to follow would be not opening attachments from unsolicited emails, not clicking on suspicious links, or avoiding any software received from unknown sources.

Cyware Publisher