Creating effective and stealthy banking malware is becoming increasingly difficult, forcing malware authors to come up with innovative methods. The latest creative burst in this malware segment comes from a group that initially came up with malware stealing cryptocurrency by replacing wallet addresses in the clipboard.
“To steal money from a victim’s account via the internet banking interface, typical banking malware will inject itself or its specialized banking module into the browser’s process address space,” ESET malware researcher Michal Poslušný notes.
The success of this approach depends on the injection not being detected by security solutions, on the modules matching the bitness of the target browser, and on the banking module hooking browser functions, whose location varies from browser to browser.
Read more at HelpNetSecurity.