Joint effort sees financial malware attacks rise 16 per cent

In the second quarter of 2016, researchers from security firm Kaspersky Lab have noticed a 15.6 per cent increase in the number of financial malware distributed, compared to the quarter before.

It brings the total number of malware blocked by Kaspersky Lab to 1,132,031. The researchers say this jump is a result of a collaboration between the authors of two ‘leading’ banking Trojans: Gozi and Nymaim.

Nymaim is basically ransomware. Compromised machines get access to their files blocked until ransom is paid. However, a new version includes functionality from Gozi source code, allowing attackers remote access to the victim’s PC. The researchers also said that the joint operation is also visible in the way the malware is distributed.

Currently, Gozi is in second place with 3.8 per cent of users, whose security software spotted it, while Nymaim sits on number six, at 1.9 per cent.

Interestingly enough, Turkey is the most attacked country, with 3.45 per cent of Kaspersky Lab users being attacked in Q2. The country is followed by Russia and Brazil. The latter will probably be attacked even more thanks to the Olympic Games.

“Financial malware are still active and developing rapidly. New banking Trojans have significantly extended their functionality by adding new modules, such as ransomware. If criminals do not succeed in stealing users’ personal data, they will encrypt it and demand a ransom,” says Denis Makrushin, Security expert at Kaspersky Lab.

“Yet another example is the Neurevt Trojan family. This malware was used not only to steal data in online banking systems, but also to send out spam. We at Kaspersky Lab are responding to this situation by expanding and sharpening the way we detect and classify financial malware – so that we can block it even faster.”

Photo Credit: