Facebook Messenger is one of the most popular messaging apps in the world, with over 1 billion monthly active users. Unfortunately, its huge user base also makes it an attractive target for cybercriminals looking to spread malware and steal personal data. One trend that has emerged is the use of Messenger to propagate banking trojans – a type of malware designed to steal online banking credentials and financial information.
What Is A Banking Trojan?
A banking trojan is a type of malware that is designed to steal confidential data related to online banking and financial accounts. It operates by infecting a victim’s device and monitoring their activity. When the user accesses online banking sites or financial applications, the trojan can record keystrokes, take screenshots and video, and steal login credentials.
Some capabilities of banking trojans include:
- Keylogging to record sensitive information entered by the victim
- Form grabbing to harvest login credentials and account numbers
- Taking screen captures of banking activity
- Redirecting banking transactions and altering amounts
- Injecting fake login pages to trick users
Banking trojans are a lucrative business for cybercriminals, as the stolen financial data can be used for activities like unapproved wire transfers, opening fraudulent accounts, and stealing directly from bank balances. Losses can easily run into the thousands or millions.
How Messenger Is Used To Spread Banking Trojans
Cybercriminals have become adept at leveraging Facebook Messenger for malware distribution and banking fraud:
Social Engineering Schemes
Messages containing social engineering tricks are sent to unsuspecting users to infect devices or steal credentials:
- Links to fake banking pages asking users to “verify account activity”
- Messages warning of “unauthorized charges” with a malicious attachment
- Requests for sensitive information like account numbers or passwords
Malicious Links
Messages will contain malicious links that download trojans and other malware:
- Shortened URLs that redirect to trojan download pages
- Links to phishing sites that mimic bank login pages
- Links that automatically trigger downloads of infected files
Infected Attachments
Infected attachments sent via Messenger contain embedded trojans:
- Invoice or receipt files that carry banking malware
- Malicious PDFs or Office documents
- Image files that trigger malware downloads when opened
Messenger Bots
Hackers create Messenger bots that distribute banking malware:
- Bots engage users in conversation using natural language processing
- After gaining trust, bots send links or files containing trojans
- Legitimate-looking bots focused on banking, financial tips, etc.
Protecting Yourself from Banking Trojans on Messenger
Here are some tips to avoid falling victim to banking trojan scams on Facebook Messenger:
Be Wary of Unsolicited Messages
Never open links or attachments from random or unknown contacts – common sense but critical. Cybercriminals often pretend to be someone you know.
Check Sender Profiles
Scrutinize a messenger contact’s profile before engaging. Scammers use fake accounts with no profile pic, minimal connections, etc.
Avoid Mobile App Links
Only install mobile apps from official app stores like Google Play. Ignore unauthorized app links sent via Messenger.
Use Security Tools
Antivirus software and internet security suites can detect and block many banking trojans and phishing URLs.
Monitor Accounts Frequently
Carefully monitor financial accounts after accessing via Messenger. Watch for fraudulent transactions indicating theft.
Staying vigilant on Messenger and using secure banking practices can help mitigate the risk of banking trojan infections. But user awareness is the best defense against this prominent social engineering threat.
