Kaspersky Lab observed the threats targeting 67 e-commerce brands including 33 consumer apparel sites, eight consumer electronic outlets and three online retail platforms. Banking trojans made up more than half of the malware tracked by Kaspersky. They included the following families: Betabot, Panda, Gozi, Zeus, Chthonic, TinyNuke, Gootkit2, IcedID and SpyEye.
Some of the trojans were more active than others. At the time of this writing, Betabot led the pack at 46 different brands targeted. It was also the only malware family to target entertainment and gaming websites. Gozi and Panda weren’t too far behind at 36 brands and 35 brands, respectively.
Despite those variations in activity, researchers spotted all of the trojan families using e-commerce brands to steal people’s account information and payment details. Some of the malware were engaged in intercepting input data on targeted sites to make off with users’ credentials. Others had resorted to modifying online page content or redirecting users to phishing pages.
Researchers at Kaspersky Lab have a theory for why computer criminals are using banking trojans to target e-commerce websites. As they explained in their alert:
One possibility is financial gain by selling the credentials: our research uncovered over three million sets of e-commerce credentials up for sale on a marketplace easily accessible through the Google search engine. The highest prices are charged for what appear to be hacked merchant accounts.
The security firm hypothesized that the criminals might also be interested in using the compromised credentials to steal access to users’ accounts and leverage them in money-laundering operations.
Given these active attack campaigns, Kaspersky Lab recommended users install an anti-virus solution onto their devices and to not click on suspicious links. It also advised online brands to use a fraud prevention solution and to always employ two-factor authentication.
Here’s some additional guidance on how to stay safe online ahead of and during Black Friday.