Financial Attacks Grow by 16% in Q2 2016 as Malware Creators Join Forces

Nearly 2-in-10 PH Computers Infected with Malware

Financial malware is evolving through collaboration between malware creators, according to the results of Kaspersky Lab’s IT threat evolution Report for Q2. During the quarter Kaspersky Lab products blocked 1,132,031 financial malware attacks on users, a rise of 15.6% compared to the previous quarter.

One of the reasons for the rise is the collaboration between the authors of two leading banking Trojans: Gozi Trojan and Nymaim Trojan, pushing both into the top 10 ranking of financial malware.

Banking Trojans remain the most dangerous online threats. These malware are often propagated via compromised or fraudulent websites and spam emails and, after infecting users mimic an official online banking page in an attempt to steal users’ personal information, such as bank account details, passwords, or payment card details.

According to the Kaspersky Lab statistics for the quarter, Turkey became the country most attacked by this type of malware: 3.45% of Kaspersky Lab product users in the country encountered such an online threat during the quarter. Russia was in second place, the target of 2.9% of online threats, followed by Brazil with 2.6%.  The Olympic Games are likely to push Brazil up the attack list in Q3.

The main culprits were the Gozi and Nymaim banking Trojans, with the authors of both joining forces.

The Nymain Trojan was initially designed as ransomware, blocking access to users’ valuable data and then demanding a ransom to unblock it. However, the latest version includes banking Trojan functionality from Gozi source code that provides attackers with remote access to victims’ PCs.

Additional, and apparently also joint efforts have been put into the distribution of this malware and this cooperation pushed both into the top 10 financial malware rating.  Gozi took second place with 3.8% of users whose security software triggered a financial malware detection, while Nymaim took sixth place with 1.9%.

The list of financial malware continues to be led by Zbot. 15.17% of those hit by financial malware were attacked with this Trojan.

“Financial malware are still active and developing rapidly. New banking Trojans have significantly extended their functionality by adding new modules, such as ransomware. If criminals do not succeed in stealing users’ personal data, they will encrypt it and demand a ransom. Yet another example is the Neurevt Trojan family. This malware was used not only to steal data in online banking systems, but also to send out spam. We at Kaspersky Lab are responding to this situation by expanding and sharpening the way we detect and classify financial malware – so that we can block it even faster,” notes Denis Makrushin, Security expert at Kaspersky Lab.

Nearly 2-in-10 Computers in PH Infected in Q2 2016

The report based on Kaspersky Security Network (KSN) also revealed Kaspersky Lab products detected 23,719 Internet-borne malware incidents on the computers of Philippine-based KSN participants during the second quarter of 2016.

This means 14.78 percent or nearly two in 10 desktops in the country have encountered malware threats from April until June this year. This ranked the Philippines in the 44th spot among 213 countries with the greatest proportion of computers where malicious objects have been discovered.

Aside from the internet-based malware, the country has also remained one of the prime targets of mobile malware. It can be recalled that the Philippines placed 7th in nation’s most-attacked of this type of threat during the first quarter of 2016.

The country is not among the top 10 nations in terms of mobile malware infection for Q2 2016. But the Philippines is still well-within the “high-risk” group which recorded 15 to 37 percent number of users attacked. This means at least two-in-10 Filipino mobile users remain highly vulnerable to this type of threat.

“Mobile malware infections in the Philippines for 2016’s second quarter were not as high as the recorded incidents during the first three months of the year, but it is still among the most vulnerable countries. Filipinos should still be vigilant against mobile threats. Eager hackers are stealthily doing everything to steal the privacy, the identity and the money of more than 40 million smartphone users in the Philippines. No one is exempted, everyone is vulnerable,” warns Anthony Chua, Territory Channel Manager for the Philippines and Singapore at Kaspersky Lab Southeast Asia.

Meanwhile, the top 10 countries in terms of users infected with mobile malware in Q2 2016 include China (36.31%), Bangladesh (32.66%), Nepal (30.61%), Uzbekiztan (22.43%), Algeria (22.16%), Nigeria (21.84%), India (21.64), Indonesia (21.35 %), Pakistan (19.49%) and Iran (19.19%). All countries in the top ten list except China are attacked mostly by mobile Adware.

The safest countries were Austria (3.6%), Sweden (2.9%) and Japan (1.7%).

Other online threat statistics from the Q2, 2016 report include:

  • In total, in Q2 Kaspersky Lab products blocked 171,895, 830 online attacks against users.

  • Malware originated in 191 countries, although an overwhelming 81% came from just ten countries, led by the USA, (35.4%) Russia (10.3%) and Germany (8.9%).

  • 54,539,948 unique URLs were recognized as malicious by the company’s security solutions, a 17% decrease on the same quarter in 2015.

  • Every fifth PC user faced web-attack at least during the quarter.

  • Kaspersky Lab products detected 16,119,489 unique malicious objects: scripts, exploits, executable files, etc.

  • The safest countries for online activity were Canada (15%), Romania (14.6%) and Belgium (13.7%), while the countries at highest risk of Internet infection were Azerbaijan (32.1%), Russia (30.8%) and China (29.4%).

To mitigate the risk of infection, users are advised to:

  • Use robust security solutions and make sure they keep your software up to date.

  • Regularly run a system scan to check for possible infection.

  • Stay wise while online. Do not enter personal information into a website if you are at all unsure or suspicious.


Kaspersky Security Network is a distributed antivirus network that works with various anti-malware protection components. The data was collected from KSN users who agreed to provide it. Millions of Kaspersky Lab product users from 213 countries and territories worldwide participate in this global exchange of information about malicious activity.

Read the full version of the Kaspersky Lab’s IT threat evolution in Q2 Report at Securelist.com.

You may also like...

Leave a Reply

Your email address will not be published. Required fields are marked *