LTS Secure Warning: Hackers clearing bank accounts utilizing malicious Trojan
BackSwap is a newly discovered banking Trojan. It uses an innovative technique to identify the banking websites a user accesses and to inject malicious code into the targeted web pages.
In March 2018, the first version of the banking malware was detected by ESET as Win32/BackSwap, when the hacker released clipboard malware. The hackers started using BackSwap only in March, but focused heavily on its development, releasing new versions almost daily.
The application used as the target for the modification is changed regularly; examples include TPVCGateway, SQLMon, DbgView, WinRAR Uninstaller, 7Zip, OllyDbg, and FileZilla Server.
The malware supports browsers such as Google Chrome and Mozilla Firefox, and in recent versions its authors also added support for Internet Explorer.
At the moment, the malware is made to target customers of five Polish banks (PKO Bank Polski, Bank Zachodni WBK S.A., mBank, ING and Pekao), and will only steal money if the wire transfer amount is between 10,000 and 20,000 Polish zloty (i.e., $2,800 – $5,600).
As browsers become better protected from conventional code injection, malware authors will attack the browsers in different fashions and Win32/BackSwap.
ESET has notified the affected browser vendors regarding the innovative script injection technique.
ESET released a security advisory about BackSwap malware on May 25, 2018.