
New botnet steals account credentials to log in to banking sites

A new botnet has been discovered that collects account credentials from users on popular sites and then tries the logins it has acquired on bank login pages.

The tactic is clever because it avoids setting off the botnet detection and rate limiters that most modern banks have in place. These security measures are generally not present on the rest of the web, which allows the botnet to collect passwords and prey on users guilty of password re-use.

It also has a high potential success rate, since anywhere from 15 to 60 per cent of users re-use their passwords across multiple sites for the sake of convenience. Many users also choose easy-to-remember passwords, which are often re-used, rather than complex and unique ones. Password lockers are also often overlooked by the average internet user.

This botnet, which collects passwords and retries them on banking sites, was one of the highlights of ThreatMetrix's new cybercrime report. The report brings to light how botnets have evolved from launching high-volume distributed denial of service (DDoS) attacks to running bots programmed to avoid detection and security measures while mimicking the behaviour and login patterns of real users.

A researcher in the report offered additional insight into how this new botnet operates: “Once the fraudsters get a new list of user credentials from the dark web they launch a series of attacks targeting multiple sites to run massive credential testing sessions. These attacks result in huge spikes over a couple of days with sustained transaction levels of over 200 transactions a second as they slice down the list. Once they get a hit at any site, the fraudsters take this curated list of known combinations of passwords and logins to other sites to launch attacks at a slower velocity.”

These lower-velocity attacks account for some 264 million attacks this year and are increasingly hard to detect. Content providers such as Spotify and Netflix are often the initial targets of these attacks due to their “modest sign up requirements.”
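To show why the slower-velocity phase slips past a per-minute rate limiter and what a defender can measure instead, here is an added example (not from the article or the ThreatMetrix report) that runs both checks over constructed login events. The source ids, usernames and thresholds are assumptions for illustration; a "source" stands for whatever a site can attribute attempts to, such as an IP address or device fingerprint.

```python
from collections import defaultdict
from datetime import datetime, timedelta

def build_sample_events():
    """Constructed login events: (time, source id, username, succeeded)."""
    t0 = datetime(2024, 1, 1)
    events = []
    # Slow credential tester: one attempt every 10 minutes, new username each time.
    for i in range(30):
        events.append((t0 + timedelta(minutes=10 * i), "src-bot", f"user{i:02d}", i == 17))
    # Ordinary customer: mistypes twice, then logs in.
    for i, ok in enumerate([False, False, True]):
        events.append((t0 + timedelta(hours=9, seconds=20 * i), "src-home", "alice", ok))
    # Shared office address: several distinct customers, almost all successful.
    for i in range(8):
        events.append((t0 + timedelta(hours=10, minutes=5 * i), "src-office", f"staff{i}", i != 3))
    return sorted(events)

def rate_limit_hits(events, max_per_minute=5):
    """Sources a simple per-minute rate limiter would block."""
    buckets = defaultdict(int)
    for ts, src, _user, _ok in events:
        buckets[(src, ts.replace(second=0, microsecond=0))] += 1
    return {src for (src, _minute), n in buckets.items() if n > max_per_minute}

def slow_stuffing_suspects(events, window=timedelta(hours=24),
                           min_users=10, min_fail_ratio=0.8):
    """Sources trying many distinct usernames inside `window`, mostly failing."""
    by_src = defaultdict(list)
    for ev in events:
        by_src[ev[1]].append(ev)
    suspects = {}
    for src, evs in by_src.items():
        start = 0
        for end in range(len(evs)):
            while evs[end][0] - evs[start][0] > window:  # slide window forward
                start += 1
            span = evs[start:end + 1]
            users = {user for _ts, _src, user, _ok in span}
            fails = sum(1 for _ts, _src, _user, ok in span if not ok)
            if len(users) >= min_users and fails / len(span) >= min_fail_ratio:
                suspects[src] = {"distinct_users": len(users), "attempts": len(span),
                                 "successes": len(span) - fails}
    return suspects

if __name__ == "__main__":
    events = build_sample_events()
    print("rate limiter blocks:", rate_limit_hits(events))
    print("long-window suspects:", slow_stuffing_suspects(events))
```

The per-minute limiter flags nothing, while the long-window check isolates the one source that cycles through many accounts with almost no successes; the single success it records is the account that needs a forced password reset.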

To avoid falling victim to an attack by these botnets, it is strongly recommended that you use complex passwords for all of your accounts and that your online banking passwords remain unique from those used on social media or streaming services.

Image Credit: Gunnar Assmy / Shutterstock

Anthony Spadafora
After living and working in South Korea for seven years, Anthony now resides in Houston, Texas where he writes about a variety of technology topics for ITProPortal.