Top 5 Malware to Watch Out For This Holiday Shopping Season

Online shoppers and e-commerce site owners alike need to watch out for trojan malicious software (malware) programs that are out in force this year-end’s busy holiday shopping season.

Kaspersky Lab documented 14 trojan malware programs that are out in force this holiday shopping season, targeting e-commerce brands to steal from victims.

A trojan is a type of malware that’s often disguised as legitimate software. The most popular trojans are the banking trojans, which traditionally target users of banking and financial institutions’ online services, stealing financial data. Over time, these banking trojans have come to target online shoppers of e-commerce sites.

According to Kaspersky Lab, banking trojan detections in e-commerce-related activity have increased steadily over the last few years. In 2015, trojan detections in e-commerce-related activity reached 6.6 million, and this number rose to 12.3 million in late 2018, with a 12% rise between 2016 and 2017, and a 10% expected rise between 2017 and 2018.

The motivation behind the trojan attacks is basically financial gain. First, attackers could use the stolen credentials to buy items on the e-commerce site and then sell those items again. Second, attackers could sell the stolen credentials. A simple Google search conducted by Kaspersky Lab researchers yielded over 3 million sets of e-commerce credentials up for sale.

Top Trojans Targeting E-Commerce Sites

Here are the top 5 trojans that target users of e-commerce sites:

1. Betabot Trojan

Betabot trojan was first detected in 2013. This trojan infects a computer by showing a fake Microsoft Windows message box with the heading “User Account Control”. The message asks the user to allow the “Windows Command Processor” to make administrator-level changes and assures the user that it’s verified by Microsoft.

In addition to the above-mentioned message, Betabot attackers also use a message that frightens users through a fake “Critical Disk Error” warning, prompting users to approve the “User Account Control (UAC)” pop-up.

Once the user allows administrator-level changes by approving the “Windows Command Processor” or the “User Account Control (UAC)”, the trojan then makes modifications on the user’s computer, enabling attackers to steal log-in credentials and financial data while also disabling antivirus and malware scan software, as well as preventing the user from accessing security websites.

This trojan infects computers in several ways, including fake links from services such as Skype or in emails that ask users to download a “video player” or similarly innocent-sounding software. The victims, instead, download the Betabot trojan.

2. Gozi Trojan

Gozi trojan was first detected in 2007. The source code of this trojan was leaked online in 2010, enabling other attackers to modify this code. The 2013 version of this trojan included a rootkit that makes this trojan survive even after the reinstallation of the operating system. The 2016 version of this trojan allows attackers to monitor the activities of a victim through the latest browser.

Gozi infects a victim’s computer in several ways, including disguising itself as a .pdf document which, when opened, secretly installs the trojan on the victim’s computer. The data captured by the trojan, such as personal bank account information, usernames and passwords, is then transmitted to servers controlled by the attackers.

3. Zeus Trojan

First detected in 2007, Zeus trojan is considered the father of so many banking trojans. The source code of this trojan was leaked online in 2011, resulting in numerous variations of the trojan. Zeus trojan has 2 major functionalities:

First, this trojan creates a botnet, a group of compromised computers controlled by the attackers. Through this botnet, the attackers collect massive amounts of information.

Second, this trojan steals banking credentials from the machines it infects. Stealing data is done through “form grabbing” whereby attackers save the data that the user enters into forms on a website. On an e-commerce website, this data typically includes login and password combination, credit card number, expiration date and card verification value number.

Zeus infects victims’ computers either by spam messages or drive-by downloads. Spam messages often come from emails or messages and postings on social media sites. Once a user clicks on a link in the email or posting, the victim is then directed to a website that automatically installs the trojan.

In a drive-by download, an attacker compromises a legitimate website by inserting the trojan’s code into the compromised website. This trojan then installs itself when the user visits the compromised website.

4. Chthonic Trojan

Chthonic trojan was first detected in 2014. It’s one of the most well-known variations of the Zeus trojan. This trojan features loads of illegal services, including collecting system information, stealing passwords, logging keystrokes, intercepting data entered in online forms in web browsers, remotely connecting to a compromised computer and performing banking and e-commerce transactions.

Chthonic trojan infects victims’ computers through emails containing the trojan and through downloads of the trojan by the Andromeda bot, an HTTP-based botnet.

5. SpyEye Trojan

SpyEye trojan was first detected in 2010. This trojan is another known variation of the Zeus trojan. Like Zeus, SpyEye captures keystrokes and steals login credentials through the form grabbing method. This trojan features a rootkit component which hides its malicious activity. A user could be victimized by SpyEye trojan by visiting a website that has been compromised by attackers.


Here are some measures for preventing trojan attacks if you’re a user of an e-commerce site:

  • Use a powerful and updated antivirus and malware scan solution
  • Avoid buying items from potentially dangerous sites or copycat versions of trusted e-commerce sites
  • Never click on links in email or social media messages from a stranger or even from someone you know, except when you were expecting the message

If you’re an owner of an e-commerce site, here are some measures for preventing trojan attacks:

  • Keep your online payment platform software up-to-date
  • Limit the number of attempted transactions
  • Use two-factor authentication that’s verified by MasterCard, Visa Secure Code, and others
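
As an added illustration of the "limit the number of attempted transactions" measure (example code, not from Kaspersky Lab or any payment platform), the sketch below applies a sliding-window cap per account, per card and per source IP. The limits, class and field names, and sample events are all assumptions constructed for this example.

```python
from collections import defaultdict, deque

# Assumed limits: (max attempts, window in seconds). Tune to your own traffic.
LIMITS = {"account": (3, 600), "card": (3, 600), "ip": (5, 600)}


class AttemptLimiter:
    """Sliding-window cap on attempted transactions per account, card and IP."""

    def __init__(self, limits=LIMITS):
        self.limits = limits
        self.seen = defaultdict(deque)  # (dimension, value) -> attempt times

    def check(self, now, **keys):
        """Record one attempt; return (allowed, [dimensions over their limit])."""
        over = []
        for dim, value in keys.items():
            max_attempts, window = self.limits[dim]
            times = self.seen[(dim, value)]
            while times and times[0] <= now - window:  # drop expired attempts
                times.popleft()
            if len(times) >= max_attempts:
                over.append(dim)
            times.append(now)  # blocked attempts count too, so retries stay blocked
        return (not over, over)


# Constructed sample events: (seconds, account, card token, source IP).
# "card" is assumed to be a token or hash, never the raw card number.
SAMPLE = (
    [(0, "alice", "card-a", "203.0.113.5"), (40, "alice", "card-a", "203.0.113.5")]
    # One IP cycling through six different accounts and cards.
    + [(100 + 5 * i, f"u{i}", f"card-{i}", "198.51.100.7") for i in range(1, 7)]
    # One account trying four different cards from four IPs.
    + [(200 + 10 * i, "bob", f"card-b{i}", f"192.0.2.{10 + i}") for i in range(4)]
    # Same account again after the window has expired.
    + [(900, "bob", "card-b0", "192.0.2.10")]
)


def replay(events):
    """Run events through a fresh limiter and return each decision."""
    limiter = AttemptLimiter()
    return [limiter.check(t, account=a, card=c, ip=ip) for t, a, c, ip in events]


if __name__ == "__main__":
    for event, (allowed, over) in zip(SAMPLE, replay(SAMPLE)):
        print(event, "ALLOW" if allowed else "BLOCK " + ",".join(over))
```

Checking several dimensions at once matters because stolen credentials are typically spread across many accounts or cards, so a per-account limit alone would miss the single-IP burst in the sample.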

If you need help, our team of IT and security professionals is ready to help. Call today 416-920-3000 and sleep better at night knowing that your infrastructure and your data are well protected by top industry experts.
