Sunday, September 28, 2008

Malware Grabs Personal Banking Data

Thanks to the trend of dropping prices for malware programs, certain Trojan horse programs are posing new threats to the online banking industry.

The particular malware program referenced in this online article is called Limbo. Limbo has dropped in price to $350, “down from about $1,000 a year ago and $5,000 two years ago.” As a result of this decrease in cost, Limbo and similar malware programs have become available to a wider variety of fraudsters, and there are concerns about an increased number of online bank frauds.

Specifically, Limbo “integrates itself into a Web browser using a technique called HTML injection,” and operates when users access online banking sites. Since Limbo is so closely integrated into the web browser, “it can operate even while the user is at the real bank site and can actually change the layout of that site.”

Unfortunately—other than that they are asked for personal information which has never been requested before—there are no clues to users that they are under attack. So, Limbo can easily trick users into releasing personal information such as credit card numbers, bank account numbers, social security numbers, and PINs.
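The one clue described above, a request for information the bank has never asked for before, can also be checked mechanically. The following is an added example, not code from the article or from any bank: it compares the form fields in a page's markup against a known-good baseline and reports the extras. The field names, the baseline and both sample pages are constructed assumptions.

```javascript
// Added example; field names and markup below are constructed for illustration.
// Baseline: the input names a hypothetical bank login form legitimately uses.
const EXPECTED_FIELDS = new Set(["username", "password", "csrf_token"]);

// Constructed sample: the form as the bank serves it.
const CLEAN_PAGE = `
<form action="/login" method="post">
  <input type="hidden" name="csrf_token" value="constructed-value">
  <input type="text" name="username">
  <input type="password" name="password">
  <input type="submit" value="Sign in">
</form>`;

// Constructed sample: the same form after extra fields were injected locally.
const INJECTED_PAGE = CLEAN_PAGE.replace(
  '<input type="submit"',
  '<input type="text" name="atm_pin">\n  <input type="text" name="ssn" />\n  <input type="submit"'
);

// Collect name/type for every form control in the markup. A regex is enough
// for this sample; in a browser you would walk document.forms instead.
function extractFields(html) {
  const tagRe = /<(input|select|textarea)\b([^>]*)>/gi;
  const attrRe = /([\w-]+)\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s"'>]+))/g;
  const fields = [];
  for (const tag of html.matchAll(tagRe)) {
    const attrs = {};
    for (const a of tag[2].matchAll(attrRe)) {
      attrs[a[1].toLowerCase()] = a[2] ?? a[3] ?? a[4] ?? "";
    }
    fields.push({ tag: tag[1].toLowerCase(), name: attrs.name || attrs.id || "", type: (attrs.type || "").toLowerCase() });
  }
  return fields;
}

// Return the names of controls that are not in the baseline.
function findUnexpectedFields(html, expected = EXPECTED_FIELDS) {
  return extractFields(html)
    .filter((f) => f.type !== "submit" && f.type !== "button")
    .filter((f) => !expected.has(f.name))
    .map((f) => f.name || `(unnamed ${f.tag})`);
}

console.log(findUnexpectedFields(CLEAN_PAGE));    // baseline form
console.log(findUnexpectedFields(INJECTED_PAGE)); // form with injected fields
```

Because the malware runs inside the browser, it can interfere with scripts on the page as well, so a check like this is one signal rather than a guarantee.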

Even more unfortunate is how easy it is for such malware to get onto users’ computers. According to the article, Limbo can get onto your computer through “many paths, including both pop-up messages that ask you to download an add-on program and methods that are invisible to the user.” To combat this new security threat, software programmers are working on ways for anti-malware programs to screen for malware that uses HTML injection and block said malware from running.

Until such updates are available, I suggest being vigilant. If you are banking online and your bank suddenly asks for new personal information that it has never requested before, you should be cautious. I would also suggest not downloading any software programs that you aren’t certain are safe. I realize that this kind of vigilance should be practiced regardless, but I thought I’d mention it anyway.
