July 1, 2016
Canadian users have been hit hard by banking trojans during recent months, with US security vendor Proofpoint reporting about six different malware variants targeting users in this country, namely Dridex, Gootkit, Kronos, Ursnif, Vawtrak, and Zeus.
Banking trojans don’t actually operate based on the user’s country, but based on the financial institution they plan to spoof and steal money from. Of course, there will be some overlap between different banking trojans since most will target developed countries, where users have larger sums in their bank accounts.
What is strange is the fact that, in a short period of time, a large number of these banking trojans targeted users of Canadian financial institutions.
The first campaign Proofpoint detected was one that took place starting May 17, 2016. This one used spam emails that contained a link to a malicious file.
The emails tried to pass as Microsoft security alerts, and the downloaded file would install the Kronos trojan, first seen on the malware scene after July 2014. Besides Canadian targets, this Kronos campaign also went after Australian and US users.