New Trojan intercepts online banking information

Trojan.Silentbanker can intercept online banking transactions that normally are well guarded by two-factor authentication procedures

A new Trojan program is targeting unwitting users' bank data by intercepting account information before it is encrypted and sending it to a central attacker database.

The Trojan, dubbed Trojan.Silentbanker by security software company Symantec, can intercept online banking transactions that normally are well guarded by two-factor authentication procedures. During a banking transaction, Silentbanker will change the user's bank account details over to the attacker's account, all the while mimicking what the user would expect to see from a typical banking transaction. Because users have no idea their account data has been changed, they then unknowingly send money to the attacker's account after entering their second authentication password.

Although the Trojan.Silentbanker is listed by Symantec as having a low level of distribution and being easy to remove from infected machines, Symantec security response team member Liam O'Murchu says it still poses a danger because of its ability to work without users detecting it.

"The scale and sophistication of this emerging banking Trojan is worrying, even for someone who sees banking Trojans on a daily basis," writes O'Murchu on Symantec's security response blog. "This Trojan downloads a configuration file that contains the domain names of over 400 banks. Not only are the usual large American banks targeted but banks in many other countries are also targeted, including France, Spain, Ireland, the UK, Finland, Turkey -- the list goes on."

The Trojan can be "downloaded or delivered silently through Web exploits," according to Symantec. Once it has been loaded to a machine, it can hook onto various APIs in both Internet Explorer and Firefox. As soon as the program is in place on a Web browser, it is free to cause all kinds of mischief, including redirecting legitimate banking requests to attacker-controlled computers; altering the HTML of pages shown to the user; and recording user names and passwords, as well as capturing screenshots of any Web pages the user visits.

Additionally, says O'Murchu, the Trojan can constantly update itself, as it relays URLs and HTML from banking Web sites to the attackers on a daily basis. "Using these submissions they can target banks for which they do not have bank accounts already," he says. "We are currently monitoring all of the updates to this Trojan."

Symantec recommends users take several steps to guard themselves against this Trojan, including disabling system restore before getting rid of the virus, to ensure the system doesn't inadvertently back up a copy of the Trojan software; making sure all virus definitions are updated on their antivirus software; running a full virus scan of their machines; and finally, deleting the value from their registry.

The Silentbanker Trojan is not the first Trojan aimed at attacking bank accounts. Late last year, for instance, security firm SecureWorks discovered a botnet-controlled Trojan called the "Prg Banking Trojan" that is believed to have affected customers from more than a dozen banks in the United States, the United Kingdom, Italy and Spain.

Join the newsletter!

Error: Please check your email address.
Rocket to Success - Your 10 Tips for Smarter ERP System Selection
Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Brad Reed

Network World
Show Comments

Cool Tech

Breitling Superocean Heritage Chronographe 44

Learn more >

SanDisk MicroSDXC™ for Nintendo® Switch™

Learn more >

Toys for Boys

Family Friendly

Panasonic 4K UHD Blu-Ray Player and Full HD Recorder with Netflix - UBT1GL-K

Learn more >

Stocking Stuffer

Razer DeathAdder Expert Ergonomic Gaming Mouse

Learn more >

Christmas Gift Guide

Click for more ›

Most Popular Reviews

Latest Articles


PCW Evaluation Team

Edwina Hargreaves

WD My Cloud Home

I would recommend this device for families and small businesses who want one safe place to store all their important digital content and a way to easily share it with friends, family, business partners, or customers.

Walid Mikhael

Brother QL-820NWB Professional Label Printer

It’s easy to set up, it’s compact and quiet when printing and to top if off, the print quality is excellent. This is hands down the best printer I’ve used for printing labels.

Ben Ramsden

Sharp PN-40TC1 Huddle Board

Brainstorming, innovation, problem solving, and negotiation have all become much more productive and valuable if people can easily collaborate in real time with minimal friction.

Sarah Ieroianni

Brother QL-820NWB Professional Label Printer

The print quality also does not disappoint, it’s clear, bold, doesn’t smudge and the text is perfectly sized.

Ratchada Dunn

Sharp PN-40TC1 Huddle Board

The Huddle Board’s built in program; Sharp Touch Viewing software allows us to easily manipulate and edit our documents (jpegs and PDFs) all at the same time on the dashboard.

George Khoury

Sharp PN-40TC1 Huddle Board

The biggest perks for me would be that it comes with easy to use and comprehensive programs that make the collaboration process a whole lot more intuitive and organic

Featured Content

Product Launch Showcase

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?