Financial professionals targeted by sophisticated 'keylogger' malware

New computer viruses designed specifically for financial institutions can evade detection, steal login information and hijack payment transfers

Jun 6, 2018 @ 10:14 am

By Ryan W. Neal

The good news is that financial institutions are better than other industries at preventing malware and other hacker threats, according to a new report from cybersecurity firm Lastline.

The bad news: that higher level of security is inspiring more sophisticated attacks.

Lastline's analysis of malware samples found at all kinds of finance firms included an unusually large number of keyloggers, a type of malware that records keystrokes entered into a computer and sends username and password information out to a third party.

Unlike phishing scams, which use a fake web page to convince victims to enter their information, keyloggers are programs that are downloaded, usually through an email attachment, and run in the background. Rather than capturing the information entered on a single website, keyloggers can track every user name and password entered, and even gather answers to security questions.

Andy Norton, Lastline's director of threat intelligence and author of the report, said one keylogger can result in 50 sets of stolen login credentials.

"Keylogging is more bang for the buck for the attacker," Mr. Norton said.

In particular, financial institutions are being targeted by two keyloggers, Emotet and URSNIF, which were designed specifically to operate undetected in a firm's technology, Mr. Norton said. These malware strains, which infect a computer through a Microsoft Office document, can evade detection and hijack transfer payments.

"They are aware of a financial system's back end," Mr. Norton added. "The malwares are built to survive in an enterprise security network."

Lastline's analysis found that financial institutions faced 47% more malicious files than the global average, and 20% more of these advanced malware strains.

Mr. Norton's advice to advisers is to not simply rely on the cybersecurity provided by their home office, but to educate employees and clients on how to be safe online. As with phishing scams and other cyber-threats, advisers and clients both have to be vigilant about which websites they visit, whom they share information with, and what they download.

"If you understand what something is doing before you let it into your environment, you can have a higher level of resilience," he said.

