As the big annual holiday shopping season gets underway, new Kaspersky Lab research shows that banking Trojans are actively targeting online users of popular consumer brands, stealing credentials and other information through these sites. Kaspersky Lab technologies detected 9.2 million attempted attacks by the end of Q3, 2018, compared to 11.2 for the whole of 2017, with detections for one malware family up by 34%.

 

Half of the online shops attacked were well known consumer apparel brands including fashion, footwear, gifts, toys and department stores. Online shoppers in the US, Italy, Germany, Russia, and emerging markets appear to be particularly at risk.

 

Traditionally, banking Trojans target mostly users of online financial services, looking for financial data to steal, or building botnets out of hacked devices for future attacks. Over time, several of these banking Trojans have enhanced their functionality and reach to target the data and credentials of online shoppers, and obtain root access to their devices.

 

The main malware families stealing from victims through e-commerce brands are Betabot, Panda, Gozi, Zeus, Chthonic, TinyNuke, Gootkit2, IcedID, and SpyEye (where detections were up by 34%).

 

The Trojans target well known e-commerce brands to hunt for user credentials like login, password, card number, phone number, and more. They seize the data from victims by intercepting input data on target sites, modifying the online page content, and/or redirecting visitors to phishing pages.

 

The main findings of the research report include:

 

  • Half (50%) of the brand names targeted by the malware families detected are established high street labels, including fashion, footwear, jewelry, gifts, toys and department stores, followed by consumer electronics brands (12%) and entertainment/gaming (12%).

 

  • Overall, the research found 14 malware families targeting a total of 67 consumer e-commerce sites, which include 33 consumer apparel sites, eight consumer electronics sites, eight entertainment and gaming sites, three popular telecoms sites, two online payment sites, and three online retail platforms, among others.

 

Of these:

 

  • Betabot was found to be targeting 46 different brands, including 16 different consumer apparel brands, four consumer electronics brands and eight entertainment/gaming brands; with most of those affected in Italy (14.13% of users affected by any malware were targeted by this threat), Germany (6.04%), Russia (5.5%) and India (4.87%).

 

  • Gozi was found to be targeting 36 brands, including 19 consumer apparel and three consumer electronics brands; with most of those affected in Italy (19.57% of users affected by any of malware), Russia (13.89%), Brazil (11.96%) and France (5.91%).

 

  • Over three million sets of e-commerce credentials were found up for sale on a marketplace easily accessible through the Google search engine. The highest prices are charged for what appear to be hacked merchant accounts.

 

“Credential-stealing banking malware is nothing new. However, the existence of families hunting for data related to online shopping accounts is perhaps more unexpected. If your computer is infected with one of the listed Trojans, then criminals are able to steal payment card details while you enter them on the shop’s website. After that, it is easy for a hacker to get to your money through a compromised credit card,” said Yury Namestnikov, Principal Security Researcher, Global Research and Analysis Team, Kaspersky Lab.

 

“Cybercriminals could also use the stolen accounts in money laundering schemes: buying things from a website using victims’ credentials so they look like known customers and don’t trigger any anti-fraud measures, and then selling those items on again. As we come into the busiest online shopping season of the year, we urge consumers and retailers to be extra vigilant about their security, and to check and double check the integrity of websites before entering or downloading any data,” added Namestnikov.

 

Kaspersky Lab recommends the following steps to stay safe when shopping online:

 

If you are a consumer

 

  • A powerful, updated security solution is a must for all devices you use to shop online. Avoid buying anything online from websites that look potentially dangerous or which resemble an incomplete version of a trusted brand’s website.

 

  • Don’t click on unknown links in email or social media messages, even from people you know, unless you were expecting the message.

 

If you are an online brand or trader

 

  • Use a tailored security solution to protect your business and customers.

 

  • Pay attention to the personal information used by customers to buy from you. Use a fraud prevention solution that you can adjust to your company profile and the profile of your customers.

 

  • Think about how much money you wish to keep in an online payment transaction account at any one time. The greater the balance, the higher the value of that account to hackers.

 

  • Restrict the number of attempted transactions and always use two-factor authentication (Verified by Visa, MasterCard Secure Code and etc.).

 

The research is based on data obtained with user consent and processed using the Kaspersky Security Network (KSN). All malware belonging to the banking Trojans covered in the report are detected and blocked by Kaspersky Lab security solutions.

 

Further information on the research and a copy of the report, Buyer beware: cyber-threats targeting e-commerce, 2018, can be found on Securelist.

 


RECOMMENDED ARTICLE FOR TECHWORLD


 
Study Reveals More Than Half of Asia Pacific Consumers Prioritize Security over Convenience in their App Experience
Techworld Date Posted: 24 August 2018 4:28 PM | 100 Views
Consumers will now trade app convenience for security, according to a study commissioned by F5 Networks (NASDAQ: FFIV) ‘The Curve of Convenience – the trade-off between security and convenience’. . See More
 
Study Reveals More Than Half of Asia Pacific Consumers Prioritize Security over Convenience in their App Experience
Techworld Date Posted: 4:28 PM | 100 Views
Consumers will now trade app convenience for security, according to a study commissioned by F5 Networks (NASDAQ: FFIV) ‘The Curve of Convenience – the trade-off between security and convenience’. See More

 
It’s Raining Deals: Nokia Mobile Promos for June
Techworld Date Posted: 21 June 2018 9:40 AM | 322 Views
From June 15 to August 31, enjoy a free Nokia 3310 worth PHP2,590 with every purchase of the Nokia 5 at only PHP9,990. Get free JBL T450BT Bluetooth headphones worth P3,000 with every purchase.... See More
 
It’s Raining Deals: Nokia Mobile Promos for June
Techworld Date Posted: 9:40 AM | 322 Views
From June 15 to August 31, enjoy a free Nokia 3310 worth PHP2,590 with every purchase of the Nokia 5 at only PHP9,990. Get free JBL T450BT Bluetooth headphones worth P3,000 with every purchase...See More

 
Cybersecurity Past and Future What’s Come This Year and What is Coming
Techworld Date Posted: 11 January 2018 9:32 AM | 276 Views
You know what they say about history: Those who don’t learn from it are doomed to repeat it. Another maxim about the future holds true, too:. See More
 
Cybersecurity Past and Future What’s Come This Year and What is Coming
Techworld Date Posted: 9:32 AM | 276 Views
You know what they say about history: Those who don’t learn from it are doomed to repeat it. Another maxim about the future holds true, too:See More

 
Get the New iPad 6th Gen from Smart Bro at Php999 per Month
Techworld Date Posted: 24 July 2018 11:16 AM | 420 Views
Looking for the perfect learning tool for your child or a fun and entertaining device to share with your kid?   Look no further as Smart Bro makes it a lot easier for you.... See More
 
Get the New iPad 6th Gen from Smart Bro at Php999 per Month
Techworld Date Posted: 11:16 AM | 420 Views
Looking for the perfect learning tool for your child or a fun and entertaining device to share with your kid?   Look no further as Smart Bro makes it a lot easier for you...See More

 
Transcend Announces New MSA450T mSATA 3D TLC SSD for Embedded Applications
Techworld Date Posted: 28 April 2018 4:47 PM | 289 Views
Transcend Information, Inc. (Transcend), a leading manufacturer of storage and multimedia products, is proud to announce the release of the MSA450T industrial solid-state drive equipped with 3D TLC NAND flash memory. The MSA450T comes.... See More
 
Transcend Announces New MSA450T mSATA 3D TLC SSD for Embedded Applications
Techworld Date Posted: 4:47 PM | 289 Views
Transcend Information, Inc. (Transcend), a leading manufacturer of storage and multimedia products, is proud to announce the release of the MSA450T industrial solid-state drive equipped with 3D TLC NAND flash memory. The MSA450T comes...See More

 
OpenSignal Cites Smart for Having the Country’s Fastest LTE Network
Techworld Date Posted: 17 April 2018 1:46 PM | 719 Views
Mobile analytics firm OpenSignal has recognized PLDT wireless unit Smart Communications, Inc. for having the country’s fastest LTE network, bestowing the company four citations including best in 4G LTE download speed; best in overall.... See More
 
OpenSignal Cites Smart for Having the Country’s Fastest LTE Network
Techworld Date Posted: 1:46 PM | 719 Views
Mobile analytics firm OpenSignal has recognized PLDT wireless unit Smart Communications, Inc. for having the country’s fastest LTE network, bestowing the company four citations including best in 4G LTE download speed; best in overall...See More

PCBG Contributing Writer
The Race to 64-bit
Techworld • By: PCBG Contributing Writer | Date Posted: 3 March 2018 8:47 AM | 183 Views
When you install an OS, sometimes the installer would say something along the lines of “Your architecture does not support this operating system” and would prompt you to install another. See More
PCBG Contributing Writer
The Race to 64-bit
Techworld • By: PCBG Contributing Writer | Date Posted: 8:47 AM | 183 Views
When you install an OS, sometimes the installer would say something along the lines of “Your architecture does not support this operating system” and would prompt you to install anotherSee More

 
Industrial Networks of Energy and ICS Integration Companies Hit by More Cyberattacks than Any Other Industry in H2, 2017
Techworld Date Posted: 28 March 2018 3:32 PM | 384 Views
Almost 40% of all industrial control systems (ICS) in energy organizations protected by Kaspersky Lab solutions were attacked by malware at least once during the last six months of 2017, closely followed by 35.3%.... See More
 
Industrial Networks of Energy and ICS Integration Companies Hit by More Cyberattacks than Any Other Industry in H2, 2017
Techworld Date Posted: 3:32 PM | 384 Views
Almost 40% of all industrial control systems (ICS) in energy organizations protected by Kaspersky Lab solutions were attacked by malware at least once during the last six months of 2017, closely followed by 35.3%...See More

 
Supply Chain Nightmare: Threat Actors Backdoor Third-Party Software for Enterprise Targeting — Kaspersky Lab’s Predictions for 2018
Techworld Date Posted: 4 January 2018 4:02 PM | 744 Views
This year, the world will see more legitimate software being poisoned by groups targeting wider victim profiles and geographies, with the added advantage that such attacks are extremely hard to spot and mitigate, according.... See More
 
Supply Chain Nightmare: Threat Actors Backdoor Third-Party Software for Enterprise Targeting — Kaspersky Lab’s Predictions for 2018
Techworld Date Posted: 4:02 PM | 744 Views
This year, the world will see more legitimate software being poisoned by groups targeting wider victim profiles and geographies, with the added advantage that such attacks are extremely hard to spot and mitigate, according...See More

 
Black Friday Alert: Popular Online Fashion Shops among Top Targets for Data Stealing Malware in 2018
Techworld Date Posted: 16 November 2018 2:40 PM | 155 Views
As the big annual holiday shopping season gets underway, new Kaspersky Lab research shows that banking Trojans are actively targeting online users of popular consumer brands, stealing credentials and other information through these sites.. See More
 
Black Friday Alert: Popular Online Fashion Shops among Top Targets for Data Stealing Malware in 2018
Techworld Date Posted: 2:40 PM | 155 Views
As the big annual holiday shopping season gets underway, new Kaspersky Lab research shows that banking Trojans are actively targeting online users of popular consumer brands, stealing credentials and other information through these sites.See More


Power by

Download Free AZ | Free Wordpress Themes