Researchers find malware targeting online stock trading software

The malware is the result of a growing trend of cybercriminals targeting online brokerage accounts, Group-IB researchers say

Security researchers from Russian cybercrime investigations company Groub-IB have recently identified a new piece of malware designed to steal login credentials from specialized software used to trade stocks and other securities online.

The malware targets Internet trading software called QUIK and FOCUS IVonline from Russian software development firms ARQA Technologies and EGAR Technology, respectively, Group-IB researchers said Wednesday in a blog post.

The software can be used to trade on the Moscow Exchange (MICEX), the Saint Petersburg Exchange, the Ukrainian Exchange and other exchanges. It's also used by other brokerage firms like BrokerCreditService in Cyprus, Otkritie in the U.K. and Russia, InstaForex, as well as by large banks like Sberbank, Alfa-Bank and Promsvyazbank, Group-IB said.

Once installed on a computer, the malware checks for the presence of the targeted applications and begins to monitor how the user interacts with them by taking screen shots. It also steals the log-in credentials and uploads the data to a command and control server, the Group-IB researchers said.

Customers should have standard malware protection installed on their computers like antivirus programs and firewalls if they use financial software, Vladimir Kurlyandchik, head of business development at ARQA Technologies, said Thursday via email. "This is our standard recommendation."

Customers who suspect that their accounts might have been accessed without authorization should immediately change their access keys, he said.

According to Kurlyandchik, the QUIK software supports several mechanisms that can prevent account hijacking. This includes the ability to restrict access only to certain IP (Internet Protocol) addresses, as well as two-step authentication via SMS or RSA SecureID tokens.

Clients and brokers can choose the best option suited for their situation, Kurlyandchik said. The brokerage firms can also use some tools to monitor activity and block access to suspicious IP addresses, he said.

However, even if such security features are available it doesn't necessarily mean that everyone is using them. There are many ways to extract funds from online trading accounts because of poor anti-fraud protection on the server side, said Andrey Komarov, the head of international projects at Group-IB.

For example, FOCUS IVonline is normally used through an encrypted VPN (Virtual Private Network) channel provided by a Russian security product, but this is not enough and hackers can still easily abuse the software, Komarov said. The malware can use remote access tools like VNC or RDP to allow attackers to connect through the victim's computer.

Most of these specialized trading applications are well designed and have good security, but they are installed in untrusted environments, so it's hard to protect them, Komarov said. The customer's PC security is the main issue, he said.

There have been previous reports of hackers compromising online brokerage accounts. Those attacks primarily used form grabbers and Web injects like those seen in online banking malware, Komarov said.

Targeting online trading accounts is part of a big and growing trend for cybercriminals, he said.

Join the PC World newsletter!

Error: Please check your email address.

Tags Group-IBsecurityDesktop securityAccess control and authenticationEGAR TechnologyARQA Technologiesspywarefraudmalware

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Lucian Constantin

IDG News Service

Most Popular Reviews

Follow Us

Best Deals on GoodGearGuide

Shopping.com

Latest News Articles

Resources

GGG Evaluation Team

Kathy Cassidy

STYLISTIC Q702

First impression on unpacking the Q702 test unit was the solid feel and clean, minimalist styling.

Anthony Grifoni

STYLISTIC Q572

For work use, Microsoft Word and Excel programs pre-installed on the device are adequate for preparing short documents.

Steph Mundell

LIFEBOOK UH574

The Fujitsu LifeBook UH574 allowed for great mobility without being obnoxiously heavy or clunky. Its twelve hours of battery life did not disappoint.

Andrew Mitsi

STYLISTIC Q702

The screen was particularly good. It is bright and visible from most angles, however heat is an issue, particularly around the Windows button on the front, and on the back where the battery housing is located.

Simon Harriott

STYLISTIC Q702

My first impression after unboxing the Q702 is that it is a nice looking unit. Styling is somewhat minimalist but very effective. The tablet part, once detached, has a nice weight, and no buttons or switches are located in awkward or intrusive positions.

Latest Jobs

Shopping.com

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?