Researchers find malware targeting online stock trading software

The malware is the result of a growing trend of cybercriminals targeting online brokerage accounts, Group-IB researchers say

Security researchers from Russian cybercrime investigations company Groub-IB have recently identified a new piece of malware designed to steal login credentials from specialized software used to trade stocks and other securities online.

The malware targets Internet trading software called QUIK and FOCUS IVonline from Russian software development firms ARQA Technologies and EGAR Technology, respectively, Group-IB researchers said Wednesday in a blog post.

The software can be used to trade on the Moscow Exchange (MICEX), the Saint Petersburg Exchange, the Ukrainian Exchange and other exchanges. It's also used by other brokerage firms like BrokerCreditService in Cyprus, Otkritie in the U.K. and Russia, InstaForex, as well as by large banks like Sberbank, Alfa-Bank and Promsvyazbank, Group-IB said.

Once installed on a computer, the malware checks for the presence of the targeted applications and begins to monitor how the user interacts with them by taking screen shots. It also steals the log-in credentials and uploads the data to a command and control server, the Group-IB researchers said.

Customers should have standard malware protection installed on their computers like antivirus programs and firewalls if they use financial software, Vladimir Kurlyandchik, head of business development at ARQA Technologies, said Thursday via email. "This is our standard recommendation."

Customers who suspect that their accounts might have been accessed without authorization should immediately change their access keys, he said.

According to Kurlyandchik, the QUIK software supports several mechanisms that can prevent account hijacking. This includes the ability to restrict access only to certain IP (Internet Protocol) addresses, as well as two-step authentication via SMS or RSA SecureID tokens.

Clients and brokers can choose the best option suited for their situation, Kurlyandchik said. The brokerage firms can also use some tools to monitor activity and block access to suspicious IP addresses, he said.

However, even if such security features are available it doesn't necessarily mean that everyone is using them. There are many ways to extract funds from online trading accounts because of poor anti-fraud protection on the server side, said Andrey Komarov, the head of international projects at Group-IB.

For example, FOCUS IVonline is normally used through an encrypted VPN (Virtual Private Network) channel provided by a Russian security product, but this is not enough and hackers can still easily abuse the software, Komarov said. The malware can use remote access tools like VNC or RDP to allow attackers to connect through the victim's computer.

Most of these specialized trading applications are well designed and have good security, but they are installed in untrusted environments, so it's hard to protect them, Komarov said. The customer's PC security is the main issue, he said.

There have been previous reports of hackers compromising online brokerage accounts. Those attacks primarily used form grabbers and Web injects like those seen in online banking malware, Komarov said.

Targeting online trading accounts is part of a big and growing trend for cybercriminals, he said.

Join the newsletter!

Error: Please check your email address.
Rocket to Success - Your 10 Tips for Smarter ERP System Selection

Tags Group-IBsecurityAccess control and authenticationDesktop securityspywareARQA TechnologiesEGAR Technologymalwarefraud

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Lucian Constantin

IDG News Service
Show Comments

Most Popular Reviews

Latest Articles

Resources

PCW Evaluation Team

Ben Ramsden

Sharp PN-40TC1 Huddle Board

Brainstorming, innovation, problem solving, and negotiation have all become much more productive and valuable if people can easily collaborate in real time with minimal friction.

Sarah Ieroianni

Brother QL-820NWB Professional Label Printer

The print quality also does not disappoint, it’s clear, bold, doesn’t smudge and the text is perfectly sized.

Ratchada Dunn

Sharp PN-40TC1 Huddle Board

The Huddle Board’s built in program; Sharp Touch Viewing software allows us to easily manipulate and edit our documents (jpegs and PDFs) all at the same time on the dashboard.

George Khoury

Sharp PN-40TC1 Huddle Board

The biggest perks for me would be that it comes with easy to use and comprehensive programs that make the collaboration process a whole lot more intuitive and organic

David Coyle

Brother PocketJet PJ-773 A4 Portable Thermal Printer

I rate the printer as a 5 out of 5 stars as it has been able to fit seamlessly into my busy and mobile lifestyle.

Kurt Hegetschweiler

Brother PocketJet PJ-773 A4 Portable Thermal Printer

It’s perfect for mobile workers. Just take it out — it’s small enough to sit anywhere — turn it on, load a sheet of paper, and start printing.

Featured Content

Product Launch Showcase

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?