Cybersecurity experts discovered the Shylock Trojan in 2011. The banking malware used a man-in-the-browser attack that gave recorded account credentials and sent them to criminals. For example, the Trojan would note your account login name and password, making it easy for an unauthorized person to access your financial data, including checking and credit card account numbers.
Standard banking security didn't notice anything suspicious at first because the criminals were using valid login information.Although the Shylock banking malware was largely eradicated in 2014, it taught banking security experts several lessons that remain pertinent today.
Shylock's banking malware didn't cast a very wide net. Instead, it focused on the customers of about a dozen banks. If you didn't use one of the banks on its list, you were presumably safe from the banking malware.
Compare that to the more recent (2021) Bizarro banking Trojan that spread from South America to several countries in Europe, where it stole credentials from the customers of more than 70 banks.
Shylock's strategic approach might have helped it stay under the radar of banking security experts for quite some time. It's impossible to know how long the malware quietly worked in the background before detection. Once discovered, though, it only lasted about three years.
Shylock banking malware spread through many of the same channels that today's malware uses. Infected computers likely picked up the malware when users:
The growth of social media gives today's cybercriminals even more opportunities to spread banking malware and evade banking security. Hacking into one Facebook account can give a cybercriminal opportunities to spread malware across the world very quickly.
The increased reliance on work-from-home applications, including Zoom and Google Meet, also creates opportunities for spreading malware. Banking malware could include code that instructs it to share a link or attachment to everyone during a Zoom meeting. Since you trust your colleagues to send you trustworthy files, you probably wouldn't think twice about clicking on them.
The people who created Shylock included lines from Shakespeare's "The Merchant of Venice" throughout its code. They must have had strange senses of humor. The "joke" makes sense, though, since the play's Shylock character is a moneylender who demands a literal pound of flesh from a customer who cannot repay his debts.
Maybe the cybercriminals felt that they had been wronged by the banks they targeted. Regardless, their banking malware harmed individuals just as much as it did the financial institutions. Luckily, U.S. federal law says that banks can only hold customers accountable for up to $50 of a fraudulent charge.
Shylock isn't a major concern anymore, but plenty of other banking malware programs want to steal your information. What can you do to protect yourself? Some easy, effective options for good cyber hygiene include:
If you ever use your smartphone to access your bank account, you also need to follow smartphone mobile security tips. Important steps include:
Kaspersky's technology can protect you from all major cybersecurity threats, including ransomware, spyware, and banking malware. Kaspersky Total Security stands out as a great option because it uses bank-grade protection for your online payments. Learn how Kaspersky can help you stay ahead of emerging banking security threats.
Do you want help choosing the right solutions for your computers and smartphones? Contact us to get assistance from a representative!