How new malware stole millions from customers of 22 U.S. banks


Phishing and malware scams are everywhere these days — and if you don’t take the necessary steps to protect yourself, you could end up losing a lot of money.

Malware, short for malicious software, is software designed to infiltrate or damage a computer without your consent. Malware includes computer viruses, worms, trojan horses, spyware, scareware and more. It can be present on websites and emails, or hidden in downloadable files, photos, videos, freeware or shareware.

While this kind of threat has been around for a while, there’s now a new breed of malware doing some serious damage — and it’s already been used to attack customers of 22 banks in the U.S. and two in Canada, costing victims around $4 million in just the first few days of April, according to a recent announcement made by cybersecurity researchers at IBM.

Read more: This typo can give hackers access to your computer

A new type of malware

According to IBM’s X-Force, part of the company’s security team, the new malware is a hybrid of two other known strains of malware — combining ‘the best of both.’

And unlike other recent banking attacks, this one is targeting customers, rather than the actual banks or their employees, and it’s being carried out via email.

Here’s how it works: the malware is installed on a user’s computer when he or she clicks on any attachment or link sent via email. The malware then remains hidden, so the victim has no idea it’s even there, until the user accesses his or her bank account from that same computer. 

At that point, the malware can wreak all sorts of havoc aimed at stealing and transmitting the victim’s information. It can log keystrokes in order to steal usernames, passwords and other account log-in information, as well as capture images of the individual’s online bank account, an IBM security expert told the Wall Street Journal.

Read more: Is that ATM safe to use? Maybe not…


How to avoid the new malware and others like it

This latest attack is another reminder that criminals are finding new methods of carrying out phishing scams and other types of identity theft every day. But the good news is that there are ways for you to minimize your risks of becoming a victim.

Here are a few ways to protect yourself and your information:

  • Don’t click on any links in an email you weren’t expecting: Scammers often disguise malware attacks as emails that appear to be from a friend, helpful website or company you do business with. If you aren’t sure about it, delete the email and contact the friend or company directly. If you click on any link or attachment in an email you weren’t expecting, it could install malware on your device without you even realizing it until your bank account has been drained.
  • If you receive an email claiming to be from your bank or other company that has your personal information, don’t click on any of the links: Even if it looks official, it could still very easily be a scam. Instead, log in to your account separately to check for any new notices. You can also call the company about the information sent via email. 
  • Research unknown sites before going to them directly: When it comes to spotting potentially-dangerous websites, before you go to an unknown site, double-check the spelling of the web address/URL by first doing a search for it.
  • Run anti-virus software: Frequently run anti-virus protection programs on your devices to check for any malware that could be hiding in the background. Here’s a list of free options.

Watch: Scam alert: Is that job posting real?

  • Show Comments Hide Comments