This device is unable to play the requested video.

Banking Trojans are popular in cybercriminal schemes given the valuable data and financial service credentials they can steal in successful cyberattacks.

Banks find themselves a constant target for relentless attacks against their apps and infrastructure. Their names, too, are abused by threat actors which use them in phishing campaigns and through copycat malicious domains designed to dupe customers into handing over their account credentials.

Banking Trojans are considered one of the top threats to the enterprise today. In 2018 alone, Kaspersky Lab recorded roughly 900,000 financial malware-based attacks against users in 2018 — an increase of 16 percent in comparison to 767,000 attacks in the previous year.

The names of such malware may be familiar. Zeus, Redaman, BackSwap, Emotet, Gozi, and Ramnit are only some of the Trojan families which have gained prominence in the cybercriminal world, however, the operators of campaigns using banking Trojans are constantly cajoling for space and territory.

At least, this used to be the case. According to IBM’s Global Executive Security Advisor Limor Kessem and the IBM X-Force cybersecurity team, the top banking malware operators are now working together to distribute their malware.

On Wednesday, Kessem revealed new research on the cooperative trend, which builds upon the financial malware trends discussed in the latest IBM X-Force Threat Intelligence Index.

Trickbot, Gozi, Ramnit, and IcedID were the most active banking Trojans in 2018, and while other forms of malware have grown in popularity, it is the most active — and prevalent — forms of financial malware which are now being spread through cybercriminal partnerships.


The cybersecurity researchers say that the list is “populated by organized cybercrime gangs that have ties to yet other cybercrime gangs, each doing its part to feed the perpetual supply chain of a digital financial crime economy.”

“The banking Trojan arena is dominated by groups from the same part of the world and by people who know each other and collaborate to continue orchestrating high-volume wire fraud,” Kessem added.

Trickbot is one of the major players in the financial Trojan space. The Russian cybercriminals behind the malware, who target banks and wealth firms managing high-value accounts, have recently diversified into ransomware as part of a wider botnet strategy and are now working with…