1(630)802-8605 Ravi.das@bn-inc.net

In the world of the Cyber attacker, there is one common tool that is still in use.  Keep in mind that, compared to Bitcoin and Ransomware attacks, this technique is very old.  But even though it is a dinosaur, it is still stealthy and very covert.  This is what is known as a “Trojan Horse”.  It can be specifically defined as the following:

“A Trojan horse or Trojan is a type of malware that is often disguised as legitimate software. Trojans can be employed by cyber-thieves and hackers trying to gain access to users’ systems . . . Once activated, Trojans can enable cyber-criminals to spy on you, steal your sensitive data, and gain backdoor access to your system. These actions can include:

  • Deleting data
  • Blocking data
  • Modifying data
  • Copying data
  • Disrupting the performance of computers or computer networks”

(SOURCE:  https://usa.kaspersky.com/resource-center/threats/trojans)

So as you can see, it is a software application that looks legitimate and safe enough to download, when it really is not.  Typically, the Trojan Horse malware is deployed through an attachment, such as one in a Phishing E-Mail.  That is why you are told so often not to download attachments that look suspicious or that you are not expecting to receive.

To give you an example of just how stealthy the Trojan Horse has become, there is a new one out there called “BackSwap” that keeps track of the websites (or really the web pages) of the bank where you keep your money.  Once it determines the web pages that you visit the most, it can then inject malicious code into your web browser in order to capture your sensitive data.

Apparently, this Trojan Horse was launched all the way back in January of this year, but the Cyber attackers who were involved in its inception didn’t really do much with it until March.  The reason for the time gap:  they wanted to make this thing as stealthy and covert as possible.  Just how exactly is it deployed onto the computer of an end user?  Here is how:

BackSwap is deployed as a modified version of a legitimate app, with the malicious code being executed during the initialization phase, when the bank’s web page opens up.  But the original code is never used again.  This clearly demonstrates a focus on increasing the level of covertness rather than on tricking the user into believing they are running the legitimate app.  As a result, the malware is more difficult to spot.

From this point onwards, it immediately copies itself into the startup folder of your computer, and from there starts up its nefarious functionality. BackSwap then installs “event hooks” to monitor the visited banking web pages. Finally, it transfers the malicious JavaScript and injects it into the browser in order to steal your confidential information, such as your username and password.
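The first step above, a process copying itself into the Startup folder, is the part of the chain a defender can see in endpoint telemetry. The following is an added example, not code from the original post or from any BackSwap analysis: a small detector that reads Sysmon-style FileCreate lines (the log lines are constructed here, with placeholder paths and times) and flags writes into a user's Startup folder by processes that are not on a small allowlist, ranking a self-copy or a writer running from a user-writable directory as high severity. The allowlist and the user-writable path markers are assumptions you would tune for your own environment.

```python
import re
from pathlib import PureWindowsPath

# Constructed Sysmon-style FileCreate (Event ID 11) lines for the demo; not real telemetry.
SAMPLE_LOG = """\
UtcTime=2018-05-10 08:01:12.003 Image=C:\\Windows\\explorer.exe TargetFilename=C:\\Users\\alice\\Desktop\\notes.txt
UtcTime=2018-05-10 08:03:45.771 Image=C:\\Users\\alice\\Downloads\\invoice_viewer.exe TargetFilename=C:\\Users\\alice\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\invoice_viewer.exe
UtcTime=2018-05-10 08:04:02.120 Image=C:\\Program Files\\Vendor\\Updater.exe TargetFilename=C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\StartUp\\vendor_tray.lnk
UtcTime=2018-05-10 08:05:30.000 Image=C:\\Users\\alice\\AppData\\Local\\Temp\\7zS1.tmp\\setup.exe TargetFilename=C:\\Users\\alice\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\svc.exe
"""

# Both the per-user and the all-users Startup folders contain this path segment.
STARTUP_MARKER = "\\start menu\\programs\\startup\\"
# Assumption: locations an ordinary user can write to, where legitimate installers rarely live.
USER_WRITABLE = ("\\downloads\\", "\\temp\\", "\\public\\")
# Assumption: processes that legitimately create Startup entries in this environment.
ALLOWED_WRITERS = {"explorer.exe", "msiexec.exe"}

LINE_RE = re.compile(
    r"UtcTime=(?P<time>\S+ \S+) Image=(?P<image>.+?) TargetFilename=(?P<target>.+)$"
)


def parse_line(line):
    """Return the time/image/target fields of one log line, or None if it does not match."""
    m = LINE_RE.match(line.strip())
    return m.groupdict() if m else None


def assess(event):
    """Return a finding dict for a suspicious Startup-folder write, or None."""
    image, target = event["image"], event["target"]
    if STARTUP_MARKER not in target.lower():
        return None
    writer = PureWindowsPath(image).name.lower()
    if writer in ALLOWED_WRITERS:
        return None
    reasons = []
    if PureWindowsPath(target).name.lower() == writer:
        reasons.append("process copied its own image into the Startup folder")
    if any(marker in image.lower() for marker in USER_WRITABLE):
        reasons.append("writer runs from a user-writable location")
    severity = "high" if reasons else "medium"
    if not reasons:
        reasons.append("non-allowlisted process wrote to the Startup folder")
    return {"time": event["time"], "image": image, "target": target,
            "severity": severity, "reasons": reasons}


def scan(log_text):
    """Run the detector over a block of log lines and collect findings in order."""
    findings = []
    for line in log_text.splitlines():
        event = parse_line(line)
        if event:
            finding = assess(event)
            if finding:
                findings.append(finding)
    return findings


if __name__ == "__main__":
    for f in scan(SAMPLE_LOG):
        print(f["severity"].upper(), f["image"], "->", f["target"], "|", "; ".join(f["reasons"]))
```

Run against the constructed log it reports the Downloads self-copy and the Temp-directory writer as high and the vendor updater as medium; in practice the medium tier is where you would compare the writer against your software inventory or its code-signing status before deciding.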

It is important to note that BackSwap targets Chrome, Firefox, and Internet Explorer, but it will still deploy itself and work on most other browsers of today (such as Safari, Opera, etc.), as long as they have a JavaScript console available or support execution of JavaScript code.

Apart from stealing your username and password, BackSwap can even initiate wire transfers without you knowing about it.  For example, a specific piece of JavaScript code is designed for each targeted bank and injected into the web pages that BackSwap identifies as initiating a wire transfer request.  The code then replaces the recipient’s bank account number with a different one, which results in money being sent to the Cyber attacker’s account instead.
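Because the swap happens inside the browser, nothing that runs in the browser can be trusted to catch it; the usual mitigation is for the bank to show the transfer details on a second channel and bind the customer's confirmation to exactly those details. The following is an added example of that pattern, written for this post and not taken from any bank's or vendor's code: a server-side model in which the confirmation code is an HMAC over the stored transfer details under a secret the browser never sees, so a recipient altered either before the out-of-band message or after it is either visible to the customer or rejected by the server. The account numbers, amount and message wording are constructed placeholders.

```python
import hashlib
import hmac
import secrets

# Constructed sample values; the account identifiers are placeholders, not real numbers.
INTENDED = {"from": "PL00-ALICE", "to": "PL00-LANDLORD", "amount": "3100.00"}
SWAPPED = dict(INTENDED, to="PL00-MULE-ACCOUNT")  # what a webinject would submit instead


def canonical(details):
    """Fixed field order so the same details always hash to the same bytes."""
    return f'{details["from"]}|{details["to"]}|{details["amount"]}'.encode()


class TransferService:
    """Server-side model of 'confirm what you see' transaction verification.
    The HMAC secret lives only here, so script injected into the page cannot
    compute a valid code for details the customer never saw."""

    def __init__(self):
        self._secret = secrets.token_bytes(32)
        self._pending = {}  # token -> details as first submitted

    def _code_for(self, token, details):
        mac = hmac.new(self._secret, token.encode() + canonical(details), hashlib.sha256)
        return mac.hexdigest()[:6]

    def submit(self, details):
        """Store the request and return the message sent on the second channel (SMS, app push)."""
        token = secrets.token_hex(8)
        self._pending[token] = dict(details)
        code = self._code_for(token, details)
        oob_message = f'Transfer {details["amount"]} to {details["to"]}? Reply with code {code}'
        return token, oob_message

    def confirm(self, token, code, resubmitted):
        """Execute only if the code matches the stored details and nothing changed since."""
        if token not in self._pending:
            return ("rejected", "unknown token")
        stored = self._pending[token]
        if resubmitted != stored:
            return ("rejected", "details changed between confirmation and execution")
        if not hmac.compare_digest(self._code_for(token, stored), code):
            return ("rejected", "bad confirmation code")
        del self._pending[token]
        return ("executed", stored)


def customer_checks(oob_message, intended):
    """The human step: does the second-channel message name the recipient I actually typed?"""
    return intended["to"] in oob_message


def extract_code(oob_message):
    """Pull the confirmation code out of the constructed message format above."""
    return oob_message.rsplit(" ", 1)[-1]


if __name__ == "__main__":
    bank = TransferService()
    token, msg = bank.submit(INTENDED)
    print(msg, "->", bank.confirm(token, extract_code(msg), INTENDED))
    # Recipient swapped in the browser before submission: the customer sees the wrong payee.
    _, swapped_msg = bank.submit(SWAPPED)
    print(swapped_msg, "-> matches intent:", customer_checks(swapped_msg, INTENDED))
```

The two failure modes map to the two places a webinject can act: altering the form before the first submission puts the mule account in the out-of-band message, where an attentive customer can refuse it, and altering a later resubmission is rejected outright because execution uses the stored details rather than anything the browser sends back.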

Interestingly enough, BackSwap has so far primarily targeted financial institutions that are based in Poland, such as the following:

  • PKO Bank Polski;
  • Bank Zachodni;
  • WBK S.A.;
  • mBank;
  • ING;
  • Pekao.

Also, the Cyber attackers are not interested in large wire transfers; rather, they only target wire transfer requests in amounts ranging from $2,800.00 to $5,000.00.  But as they say in the world of Cyber security, small leads to big in the end.

At this point, there are no firm reports of BackSwap impacting United States-based financial institutions.  But this doesn’t mean that you should let your guard down.  There are plenty of other Trojan Horses out there just waiting to be deployed on your computer or wireless device.