New malware targets online banking, ‘waits silently in background,’ experts say

New malware that is putting customers who bank online at risk is described as a sneaking up on victims, like a serpent.

“This malware waits silently in the background. People won’t know, they won’t see flashing lights on their screen,” UW-System Chief Information Security Officer Nicholas Davis said.

No alerts or sirens will ring, which makes the risk of getting hacked while banking online even more of a shock when it happens.

“In this case it is designed to be stealth-like to operate without their knowledge in the background,” Davis said.

Davis said it’s because the virus, known as GoZnym, impacts a computer in two parts. First, it infects computers without raising any red flags. Secondly, the virus waits until the user visits their online banking account to steal personal information.

“As soon as you start visiting a banking site it will grab your username and password for something called a key logger as you type it in on the keyboard and at that point it now knows the website that you’ve visited, the bank, plus it knows your login credentials,” he said.

Different from other malwares, GoZnym is harder for researchers to stop the virus.

“People who are writing the software code are getting better and better, and it’s always a game of leap frog with the anti-malware professionals,” Davis said.

Millions of dollars have already been lost at banks in the U.S., Canada and Europe from unsuspecting victims according to IBM Security.

“From reports I’ve seen, it’s been developed by very sophisticated programmers, not just the kid down the street in the basement. Financial institutions just keep spending more and more money to make sure we stay on top of and ahead of these,” said Rose Oswald Poels, president and CEO of the Wisconsin Bankers Association.

According to Poels, the Wisconsin Bankers Association schedules examinations every 18-24 months to make sure they have the latest encryption and software to protect customers’ money. The association also works to make sure customers are compensated for money lost, but she said to avoid reaching that point it takes a joint effort.

“Really look at your accounts every day and help spot that suspicious or fraudulent activity. It’s really a shared partnership between the banks and the consumers that will help protect everyone from loss,” she said.

To protect yourself, Davis suggests not using the same password for accounts and change them frequently. Avoid using public computers and Wi-Fi. He also suggests having two separate computers, one to use for personal information and a secondary computer to use for surfing the web.

“We need online banking. We need to be able to execute transactions and know what’s on our accounts. I urge people to not run away from online banking but to be thoughtful,” Davis said.