As the big annual holiday shopping season gets underway, new Kaspersky Lab research shows that banking Trojans are actively targeting online users of popular consumer brands, stealing credentials and other information through these sites. Kaspersky Lab technologies detected 9.2 million attempted attacks by the end of Q3, 2018, compared to 11.2 for the whole of 2017, with detections for one malware family up by 34%.

 

Half of the online shops attacked were well known consumer apparel brands including fashion, footwear, gifts, toys and department stores. Online shoppers in the US, Italy, Germany, Russia, and emerging markets appear to be particularly at risk.

 

Traditionally, banking Trojans target mostly users of online financial services, looking for financial data to steal, or building botnets out of hacked devices for future attacks. Over time, several of these banking Trojans have enhanced their functionality and reach to target the data and credentials of online shoppers, and obtain root access to their devices.

 

The main malware families stealing from victims through e-commerce brands are Betabot, Panda, Gozi, Zeus, Chthonic, TinyNuke, Gootkit2, IcedID, and SpyEye (where detections were up by 34%).

 

The Trojans target well known e-commerce brands to hunt for user credentials like login, password, card number, phone number, and more. They seize the data from victims by intercepting input data on target sites, modifying the online page content, and/or redirecting visitors to phishing pages.

 

The main findings of the research report include:

 

  • Half (50%) of the brand names targeted by the malware families detected are established high street labels, including fashion, footwear, jewelry, gifts, toys and department stores, followed by consumer electronics brands (12%) and entertainment/gaming (12%).

 

  • Overall, the research found 14 malware families targeting a total of 67 consumer e-commerce sites, which include 33 consumer apparel sites, eight consumer electronics sites, eight entertainment and gaming sites, three popular telecoms sites, two online payment sites, and three online retail platforms, among others.

 

Of these:

 

  • Betabot was found to be targeting 46 different brands, including 16 different consumer apparel brands, four consumer electronics brands and eight entertainment/gaming brands; with most of those affected in Italy (14.13% of users affected by any malware were targeted by this threat), Germany (6.04%), Russia (5.5%) and India (4.87%).

 

  • Gozi was found to be targeting 36 brands, including 19 consumer apparel and three consumer electronics brands; with most of those affected in Italy (19.57% of users affected by any of malware), Russia (13.89%), Brazil (11.96%) and France (5.91%).

 

  • Over three million sets of e-commerce credentials were found up for sale on a marketplace easily accessible through the Google search engine. The highest prices are charged for what appear to be hacked merchant accounts.

 

“Credential-stealing banking malware is nothing new. However, the existence of families hunting for data related to online shopping accounts is perhaps more unexpected. If your computer is infected with one of the listed Trojans, then criminals are able to steal payment card details while you enter them on the shop’s website. After that, it is easy for a hacker to get to your money through a compromised credit card,” said Yury Namestnikov, Principal Security Researcher, Global Research and Analysis Team, Kaspersky Lab.

 

“Cybercriminals could also use the stolen accounts in money laundering schemes: buying things from a website using victims’ credentials so they look like known customers and don’t trigger any anti-fraud measures, and then selling those items on again. As we come into the busiest online shopping season of the year, we urge consumers and retailers to be extra vigilant about their security, and to check and double check the integrity of websites before entering or downloading any data,” added Namestnikov.

 

Kaspersky Lab recommends the following steps to stay safe when shopping online:

 

If you are a consumer

 

  • A powerful, updated security solution is a must for all devices you use to shop online. Avoid buying anything online from websites that look potentially dangerous or which resemble an incomplete version of a trusted brand’s website.

 

  • Don’t click on unknown links in email or social media messages, even from people you know, unless you were expecting the message.

 

If you are an online brand or trader

 

  • Use a tailored security solution to protect your business and customers.

 

  • Pay attention to the personal information used by customers to buy from you. Use a fraud prevention solution that you can adjust to your company profile and the profile of your customers.

 

  • Think about how much money you wish to keep in an online payment transaction account at any one time. The greater the balance, the higher the value of that account to hackers.

 

  • Restrict the number of attempted transactions and always use two-factor authentication (Verified by Visa, MasterCard Secure Code and etc.).

 

The research is based on data obtained with user consent and processed using the Kaspersky Security Network (KSN). All malware belonging to the banking Trojans covered in the report are detected and blocked by Kaspersky Lab security solutions.

 

Further information on the research and a copy of the report, Buyer beware: cyber-threats targeting e-commerce, 2018, can be found on Securelist.

 


RECOMMENDED ARTICLE FOR TECHWORLD


 
PLDT Hosts Regional Telecom Leaders in First FTTH APAC Conference in PH
Techworld Date Posted: 8 May 2018 5:03 PM | 187 Views
Manila, Philippines – Telco and digital services leader PLDT is all set to host the Philippines’ first FTTH APAC Conference which will take place on May 8 to 10, 2018 at the Shangri La.... See More
 
PLDT Hosts Regional Telecom Leaders in First FTTH APAC Conference in PH
Techworld Date Posted: 5:03 PM | 187 Views
Manila, Philippines – Telco and digital services leader PLDT is all set to host the Philippines’ first FTTH APAC Conference which will take place on May 8 to 10, 2018 at the Shangri La...See More

 
Epson Wins Good Design Awards for Projectors, Printers, and Scanner
Techworld Date Posted: 7 December 2018 4:35 PM | 42 Views
Seiko Epson Corporation (TSE: 6724, "Epson") has won a 2018 Good Design Award for a total of eight designs, including three for projectors, four for printers, and one for a scanner.. See More
 
Epson Wins Good Design Awards for Projectors, Printers, and Scanner
Techworld Date Posted: 4:35 PM | 42 Views
Seiko Epson Corporation (TSE: 6724, "Epson") has won a 2018 Good Design Award for a total of eight designs, including three for projectors, four for printers, and one for a scanner.See More

 
10 Tip to Improve Your Internet Privacy
Techworld Date Posted: 31 July 2018 5:09 PM | 411 Views
Massive data breaches, marketers tracking your every step online, shady people exploring the photos you shared in social networks — the list of digital annoyances goes on and on. However, it’s not completely hopeless:.... See More
 
10 Tip to Improve Your Internet Privacy
Techworld Date Posted: 5:09 PM | 411 Views
Massive data breaches, marketers tracking your every step online, shady people exploring the photos you shared in social networks — the list of digital annoyances goes on and on. However, it’s not completely hopeless:...See More

 
ASUS Republic of Gamers Launches Maximus X and Strix Z370 Series Motherboards
Techworld Date Posted: 19 October 2017 8:37 AM | 422 Views
ASUS Republic of Gamers (ROG) today announced Maximus X and Strix Z370, a diverse collection of ROG Z370 gaming motherboards featuring support for the latest 8th Generation IntelCoreTM processors and designed for a range.... See More
 
ASUS Republic of Gamers Launches Maximus X and Strix Z370 Series Motherboards
Techworld Date Posted: 8:37 AM | 422 Views
ASUS Republic of Gamers (ROG) today announced Maximus X and Strix Z370, a diverse collection of ROG Z370 gaming motherboards featuring support for the latest 8th Generation IntelCoreTM processors and designed for a range...See More

 
Lenovo Opens 20th Concept Store in the Philippines
Techworld Date Posted: 30 July 2018 3:47 PM | 428 Views
Lenovo, the world’s leading PC manufacturer, recently opened its 20th concept store in the Philippines and the second one in Cebu City, located at the third floor of Ayala Center Cebu.. See More
 
Lenovo Opens 20th Concept Store in the Philippines
Techworld Date Posted: 3:47 PM | 428 Views
Lenovo, the world’s leading PC manufacturer, recently opened its 20th concept store in the Philippines and the second one in Cebu City, located at the third floor of Ayala Center Cebu.See More

 
TRIAL and ERROR: Kaspersky Lab Unearths iOS Cryptomining Attacks, Careless Mistakes by Roaming Mantis
Techworld Date Posted: 24 September 2018 4:57 PM | 128 Views
Just five months after Kaspersky Lab’s first report on the DNS hijacking operation to infect Android smartphones in Asia, the attack dubbed ‘Roaming Mantis’ remains highly active, exploring new tricks and techniques to extend.... See More
 
TRIAL and ERROR: Kaspersky Lab Unearths iOS Cryptomining Attacks, Careless Mistakes by Roaming Mantis
Techworld Date Posted: 4:57 PM | 128 Views
Just five months after Kaspersky Lab’s first report on the DNS hijacking operation to infect Android smartphones in Asia, the attack dubbed ‘Roaming Mantis’ remains highly active, exploring new tricks and techniques to extend...See More

 
ADATA XPG SPECTRIX D80 RGB Memory Module with Liquid Nitrogen Cooling Hits 5531MHz Mark
Techworld Date Posted: 1 June 2018 10:45 AM | 310 Views
ADATA® Technology, a leading manufacturer of high-performance DRAM modules and NAND Flash products, announces that it has overclocked its XPG SPECTRIX D80 RGB DDR4 memory module to 5531MHz in a liquid-nitrogen-cooled configuration. . See More
 
ADATA XPG SPECTRIX D80 RGB Memory Module with Liquid Nitrogen Cooling Hits 5531MHz Mark
Techworld Date Posted: 10:45 AM | 310 Views
ADATA® Technology, a leading manufacturer of high-performance DRAM modules and NAND Flash products, announces that it has overclocked its XPG SPECTRIX D80 RGB DDR4 memory module to 5531MHz in a liquid-nitrogen-cooled configuration. See More

 
Kaspersky Lab Unravels the Truth on Cyber Espionage at its 3rd APAC Cyber Security Conference
Techworld Date Posted: 17 October 2017 1:26 PM | 254 Views
Kaspersky Lab unriddled the mysterious threat of cyberespionage against countries, critical infrastructure, and companies in the region on its 3rd Asia Pacific (APAC) Cyber Security Weekend in Phuket, Thailand last week.. See More
 
Kaspersky Lab Unravels the Truth on Cyber Espionage at its 3rd APAC Cyber Security Conference
Techworld Date Posted: 1:26 PM | 254 Views
Kaspersky Lab unriddled the mysterious threat of cyberespionage against countries, critical infrastructure, and companies in the region on its 3rd Asia Pacific (APAC) Cyber Security Weekend in Phuket, Thailand last week.See More

 
Transcend Brings 3D NAND to mSATA SSD MSA230S for Consumers
Techworld Date Posted: 31 August 2018 2:07 PM | 87 Views
Transcend Information Inc., a leading manufacturer of storage and multimedia products, is introducing the mSATA SSD MSA230S to its comprehensive portfolio of high-quality, reliable solid-state storage solutions.. See More
 
Transcend Brings 3D NAND to mSATA SSD MSA230S for Consumers
Techworld Date Posted: 2:07 PM | 87 Views
Transcend Information Inc., a leading manufacturer of storage and multimedia products, is introducing the mSATA SSD MSA230S to its comprehensive portfolio of high-quality, reliable solid-state storage solutions.See More

 
Transcend Releases Fast, Stylish StoreJet 600 for Mac
Techworld Date Posted: 27 September 2017 4:59 PM | 183 Views
Transcend Information Inc., a leading manufacturer of storage and multimedia products, is proud to announce the release of the StoreJet 600 for Mac. Housed in a stunning metallic casing, this light and durable StoreJet.... See More
 
Transcend Releases Fast, Stylish StoreJet 600 for Mac
Techworld Date Posted: 4:59 PM | 183 Views
Transcend Information Inc., a leading manufacturer of storage and multimedia products, is proud to announce the release of the StoreJet 600 for Mac. Housed in a stunning metallic casing, this light and durable StoreJet...See More


Power by

Download Free AZ | Free Wordpress Themes