Banking Malware & Attack Vectors Outlook For 2020 (Part 2)

In the previous part of this article, we covered different banking malware families, the most common ways you might get infected by malware, and the consequences of an infection.

Let’s look briefly at the techniques attackers use to smuggle malicious content onto your computer. At the end of every chapter, we’ve added information on how to prevent each technique.

Desktop Malware Coming from Spam/Phishing e-mail

Excel File With Macros

Prevention: Think twice before opening any files, verify any suspicious e-mail with the sender via a different channel than e-mail (e.g., on the phone).

EXE File Masquerading With a Different Extension In Its Name

Prevention: Check the file properties before opening; verify the e-mail with the sender via a channel other than e-mail; upload the file to a free online malware scanner if you are unsure or cannot verify it.

Visiting pages where a vulnerable version of Flash is loaded; Flash opens Windows PowerShell and executes code (file-less malware attack)

Prevention: Always update Flash Player and other software to the most current version.

Malware Code Execution via Webinjection Technique

We might encounter malware masquerading as a browser add-on/extension, or a desktop application that injects code into the website to execute malicious JavaScript.

Prevention: Install only trusted software from trusted sources and check reviews before installation.

Website clickjacking

Prevention: Mostly done in website configuration. Users can install a browser add-on that prevents clickjacking.
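As an added example (not part of the original article or of ThreatMark's products), here is a check for the website-side configuration that blocks clickjacking: it evaluates a response's X-Frame-Options and Content-Security-Policy frame-ancestors headers the way current browsers do and reports the weak settings that silently leave a page frameable. The sample header sets are constructed; any framing partner origin they name is hypothetical.

```python
from typing import Dict, List, Tuple

def _csp_directives(value: str) -> Dict[str, List[str]]:
    """Parse a CSP header value into {directive: [source expressions]}."""
    out: Dict[str, List[str]] = {}
    for part in value.split(";"):
        tokens = part.strip().split()
        if tokens:
            out[tokens[0].lower()] = [t.lower() for t in tokens[1:]]
    return out

def _blocks_third_party(sources: List[str]) -> bool:
    """A frame-ancestors list is restrictive unless it admits any origin."""
    return "*" not in sources and not any(s in ("http:", "https:") for s in sources)

def check_clickjacking(headers: List[Tuple[str, str]]) -> Tuple[bool, List[str]]:
    """Return (enforced, findings); enforced means a header browsers honour blocks third-party framing."""
    findings: List[str] = []
    xfo_values, ancestor_lists = set(), []
    for name, value in headers:
        n = name.lower()
        if n == "x-frame-options":
            xfo_values.add(value.strip().upper())
        elif n == "content-security-policy":
            directives = _csp_directives(value)
            if "frame-ancestors" in directives:
                ancestor_lists.append(directives["frame-ancestors"])
        elif n == "content-security-policy-report-only":
            findings.append("report-only CSP logs framing but does not block it")
    if ancestor_lists:
        # All delivered CSPs are enforced and frame-ancestors overrides X-Frame-Options.
        if any(_blocks_third_party(a) for a in ancestor_lists):
            return True, findings
        findings.append("frame-ancestors admits any origin")
    elif not xfo_values:
        findings.append("no X-Frame-Options or frame-ancestors: page can be framed anywhere")
    elif len(xfo_values) > 1:
        findings.append("conflicting X-Frame-Options values: " + ", ".join(sorted(xfo_values)))
    elif (xfo := xfo_values.pop()) in ("DENY", "SAMEORIGIN"):
        return True, findings
    elif xfo.startswith("ALLOW-FROM"):
        findings.append("ALLOW-FROM is obsolete and ignored by current browsers; use frame-ancestors")
    else:
        findings.append("invalid X-Frame-Options value is ignored: " + xfo)
    return False, findings

# Constructed sample responses, not captured from any real site.
WEAK = [("Content-Type", "text/html"), ("X-Frame-Options", "ALLOW-FROM https://partner.example")]
FIXED = [("Content-Type", "text/html"), ("X-Frame-Options", "SAMEORIGIN"),
         ("Content-Security-Policy", "default-src 'self'; frame-ancestors 'self'")]
```

Run `check_clickjacking(WEAK)` and `check_clickjacking(FIXED)` to see the weak configuration flagged and the corrected one accepted; feed it the header list from your own site's response to audit it.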

Other file-less malware

Prevention: Difficult. Understanding the environment of your devices and operating system plays a significant role.

Mobile malware tricks


Prevention: Look closely at which apps have the SYSTEM_ALERT_WINDOW permission enabled. This permission (if enabled) allows the malware to draw overlays. This attack can be combined with a clickjacking attack on apps. This attack, also known as “UI redressing”, is an interface-based attack in which the malware overlays a window on top of a legitimate application. It then asks the user to click in certain places in the overlay, while at the same time propagating the user’s actions to the application below the overlay. This way, the malware can trick the user into almost any activity, while the user remains unaware of what is actually going on below the overlay.

SMS Stealing

Accessibility Abuse

Prevention: Watch out for apps that request BIND_ACCESSIBILITY_SERVICE.

Abusing Android’s Multitasking System

Keylogging Apps

Trojanization of App


ThreatMark’s solution is designed with layered security in mind, as described by Gartner. ThreatMark’s AFS provides a holistic view across all channels, the only way to reveal sophisticated types of online fraud.

Contact ThreatMark to find out more about our philosophy and let us describe why our customers report massive improvement in cyber-threat detection capabilities.

Originally published at


