Financial professionals targeted by sophisticated 'keylogger' malware

New computer viruses designed specifically for financial institutions can avoid attack, steal login information and hijack payment transfers

Jun 6, 2018 @ 10:14 am

By Ryan W. Neal

The good news is that financial institutions are better than other industries at preventing malware and other hacker threats, according to a new report from cybersecurity firm Lastline.

The bad news: that higher level of security is inspiring more sophisticated attacks.

Lastline's analysis of malware samples found at all kinds of finance firms included an unusually large number of keyloggers, a type of malware that records keystrokes entered into a computer and sends username and password information out to a third party.

(More: Finra: Firms begin to heed cybersecurity, but have much to do)

Instead of phishing scams, which use a fake website page to convince victims to enter their information, keyloggers are programs downloaded, usually through an email attachment, and act in the background. Instead of information to one website, keyloggers can track every user name and password entered, and even gather answers to security questions.

Andy Norton, Lastline's director of threat intelligence and author of the report, said one keylogger can result in 50 sets of stolen login credentials.

"Keylogging is more bang for the buck for the attacker," Mr. Norton said.

In particular, financial institutions are being targeted by two keyloggers, Emotet and URSNIF, which were designed specifically to operate undetected in a firm's technology, Mr. Norton said. These malwares, which infect a computer through a Microsoft Office document, can evade detection and hijack transfer payments.

"They are aware of a financial system's back end," Mr. Norton added. "The malwares are built to survive in an enterprise security network."

Lastline's analysis found that financial institutions faced 47% more malicious files than the global average, and 20% more of these advanced malwares.

(More: This is the No. 1 cybersecurity threat to financial advisers, experts say)

Mr. Norton's advice to advisers is to not simply rely on the cybersecurity provided by their home office, but to educate employees and clients on how to be safe online. As with phishing scams and other cyber-threats, advisers and clients both have to be vigilant in which websites they visit, who they share information with, and what they download.

"If you understand what something is doing before you let it into your environment, you can have a higher level of resilience," he said.


What do you think?

View comments

Recommended for you

Featured video


The importance of a diverse team

Clients, advisers, and even communities are telling firms that yes, diversity within the advisory community is important.

Latest news & opinion

Private Ocean grows to $2.2 billion with acquisition of Mosaic Financial

Combined financial planning operation gives the firm an expanded footprint in the San Francisco area.

LPL video about private equity looks like a swipe at Cetera

Recruiting video warns about potential consequences for advisers when a PE firm buys a broker-dealer.

Ladenburg chairman Phillip Frost steps down

The SEC charged Frost with fraud earlier this month.

Wells Fargo plans to cut staff up to 10% within next three years

Bank is struggling to cut spending amid regulatory fines and higher legal costs stemming from scandals.

Universal life insurance lawsuits underscore product risk

Sudden cost increases could cause clients to pay much higher annual premiums — or lapse their policies.


Hi! Glad you're here and we hope you like all the great work we do here at InvestmentNews. But what we do is expensive and is funded in part by our sponsors. So won't you show our sponsors a little love by whitelisting It'll help us continue to serve you.

Yes, show me how to whitelist

Ad blocker detected. Please whitelist us or give premium a try.


Subscribe and Save 60%

Premium Access
Print + Digital

Learn more
Subscribe to Print