Trojans that used to target banks and financial institutions are now targeting e-commerce websites. As Black Friday, one the largest and busiest shopping event of the year known for its big price slashes approaches, shoppers are warned to be mindful when shopping online.
According to Kaspersky Lab, 14 malware families targeting e-commerce websites have been identified. 9.2 million attempts to attack were reported at the end of the third quarter of 2018, versus 11.2 million throughout 2017. Kaspersky also recorded over 10% increase in e-commerce trojan activity over the past few years.
The main objective of these new breed of trojans is to steal customers’ personal data such as credit card details. Targeted at online shoppers, they are capable of infecting devices, automate transactions and record videos. Most popular trojans are also able to track and monitor user activity. After tracking user browsing patterns, the attackers are able to redirect users to a phishing website to steal their credentials.
The 14 malware families were found to be targeting 67 e-commerce websites, of which 33 are from consumer brands, 8 online entertainment and gaming products, 3 popular telecommunication sites, online payment and sale platforms. Major virus families targeting e-commerce websites are Betabot, Panda, Gozi, Zeus, Chthonic , TinyNuke, Gootkit2, IcedID and SpyEye. Betabot targets 46 different brands and entertainment and gaming sites, Gozi targets 36 brands and Panda targets 35 brands.
In terms of target locations, Europe is the most targeted region in 2018, with Italy, Germany and France recorded highest malware attack activities. America came in close second, as well as other emerging markets such as Russia and India.
Precaution methods for online shoppers:
- Avoid clicking unknown links as they might initiate malware downloads or redirect you to unsafe websites
- Be wary of online surveys and lotteries with attractive prizes.
- Ensure you have an updated anti-virus or security solution on all connected devices
Precaution methods for online retailers:
- Engage with a reliable payment gateway provider and be aware of any updates as it may cause vulnerabilities
- Limit the number of attempted transactions on each payment
- Consider using a fraud prevention solution
- Use a customised security solution to protect your business and customers
Written by: Liwen