In recent years Banking Trojans have taken the back seat to Ransomware. However the past few months have seen banks in the US, Japan, Singapore and Canada all hit by large scale banking Trojan attacks.  Banking Trojans are a type of malware specifically designed to break into an online bank account and transfer money to other accounts controlled by criminals. The attack is usually mounted through Phishing attacks with malicious Microsoft word documents attached.

Canada alone was hit by 6 different malware variants (Ursnif, Dridex, Kronos, Zeus, Gootkit and Vawtrack). Instead of being delivered through a fake email from a customer’s bank, however, these viruses have been masking themselves as official emails from Microsoft. These fake emails ask the victim to download a contaminated Word document or follow a link to a site featuring a direct link to the malware.

A report released by Trend Micro on a type of banking malware called “BEBLOH” noted that the Trojan grew from 324 detections in Japan in December 2015 to more than 2,500 detections in March 2016. With Japans reported loses through banking Trojans to be 2.65 Billion yen ($25.6M) in 2015, this number is expected to rise significantly in 2016.

The heart of banking malware activity is found in Brazil where cybercriminals are known to advertise banking Trojans as a service for anyone to buy and where packages start at just $600. These Brazilian cybercriminals are even known for advertising their services on YouTube.

The lesson here is a familiar one: Users need to be trained to steer clear of emails from unknown senders and those with attachments and links from anyone but verified, known senders.