Information Security Professionals Identify Trojan In Credit Score Checking Application

By Author: iClass
Total Articles: 211
Comment this article

Cybercriminals constantly find new ways to steal confidential information. Recently, security researchers at Trend Micro identified a malicious credit score application in a public forum. The application advertised by a user urges Brazilians to check their credit score and criminal records. The interface gives an impression to Internet users that the application is genuine. However, the application contains a malicious function. When unsuspecting users download the application, a Trojan gets downloaded into their computer systems. The Trojan has been identified as TROJ_Banker.LEB. The Trojan uses a Graphical user Interface to attract unwary Individuals. The Trojan extracts confidential information from the affected computers and sends the collected information to remote servers.

Usually, credit scores are developed by credit bureaus and are used by banks, financial institutions to accept or reject a credit application by a customer. They are also used to determine the credit limit on a credit card. The scores are based on past payment history, defaults and delinquencies, length of credit history, and types of credit ...
... availed by customers. The scores are also used by telecom companies and employers. As such, credit scores generate curiosity among the users. Criminals cash on the curiosity to deceive users and steal privileged information. Several other malicious applications are created to trick users to believe the proposition and share confidential information. As Internet users recognize old techniques of lottery, prize offers and phishing e-mails, offenders are devising new sophisticated mechanisms to defraud users. Attacks such as spear phishing are now more specific, making it difficult for users to doubt their authenticity. Such threats compromise information security of the affected individuals.

In the recent times, there has been an onslaught of financial malware such as Zeus, Bugat and their variants. The malware are designed to extract specific information such as online banking username and passwords from the targeted computers. Employees of banks and financial institutions are the usual targets of financial malware. Banks and financial institutions must create security awareness among the employees and use ethical hacking to weed out vulnerabilities in the IT infrastructure.

Users must be wary of opening unsolicited e-mails, applications, files and PDF attachments. They must avoid clicking on suspicious links on websites and e-mails. Information security professionals suggest users to install and update anti-virus, anti-spyware and anti-malware solutions. They must regularly scan the computers for viruses and Trojans. Adherence to security advisories from software vendors and security firms may help Internet users in securing their computers from sophisticated threats.