Palo Alto Networks look at the techniques used by some of the world’s most notorious banking Trojan families to steal sensitive data and manipulate form data.

Almost all financial cybercriminals want the same thing: your personal information. This is why most banking Trojans are designed to steal one or two pieces of data from a user before sending it to the criminal’s servers, where they can use it to gain access to your bank account and clean out its contents.

Malicious actors behind banking Trojan campaigns are opportunistic in pursuing their objectives. While many banking Trojans have remained largely unchanged over time, there have been some shifts in approach. Recent instances have shown that malicious actors are trying to stay a step ahead by adding new features that are not only useful for themselves, but also potentially beneficial for their victims.

Banking Trojans have always been driven by profit and technical ingenuity. In recent years, however, they seem to be getting more creative in the ways they attack users and steal their data. Many of the tricks were seen back in 2013 & 2014, when criminal gangs relied heavily on simple forms of social engineering to infect targeted individuals with malware via compromised email messages or drive-by downloads (recall Operation Shady RAT).

‍

Source: Banking Trojan Techniques: Financially Motivated Malware - AlienVault - Open Threat Exchange