Cybercriminals are increasingly using ransomware-as-a-service (RaaS) platforms to launch banking trojans, according to specialty insurance and underwriting services provider Beazley. They also are leveraging banking trojans to attack small businesses via phishing emails.Hackers deploy banking trojans to harvest a victim's account details. They typically use the following steps during a banking trojan attack:New banking trojans perform reconnaissance on email accounts and deploy other malware onto victims' systems, Beazley said. In addition, cybercriminals exploit stolen credentials to access financial accounts, defraud via business email compromise and commit identity theft.
- A phishing email is sent to an end user.
- A user clicks on a malicious link in the email; this launches a macro used to install or download a banking trojan.
- The banking trojan disguises itself on a user's system.
- The banking trojan spreads through a system's network.
- The banking trojan reaches the network's endpoints and downloads additional malware.




