The bad guys are at it again. Anti-virus experts at Avast are warning that a Trojan virus called Tiny Banker has arrived in the U.S., targeting online banking customers at a number of major financial institutions. But what makes Tiny Banker truly dangerous is the wealth of information it attempts to collect. Unlike the Zeus banking virus that made the rounds last year, one successful attack by Tiny Banker could give hackers all the information they need to break into all of your financial accounts and then some.
The Tiny Banker Trojan virus appears to infect computers through an exploit in Flash or Silverlight software (you may have installed it to watch Netflix) embedded on certain webpages. Once downloaded on your computer, Tiny Banker lays in wait until you visit an online banking website. It then injects its own fake web form into the otherwise legitimate site, which, if filled out, is sent directly to the scammers. According to Avast, target bank websites include: Bank of America, Associated Bank, America’s Credit Unions, Etrade Financial Corporation, US Bank, Banco de Sabadell, Farmers & Merchants Bank, HSBC, TD Bank, BancorpSouth, Chase, Fifth Third Bank, Wells Fargo, StateFarm, Regions, ING Direct, M&T Bank, PNC, UBS, RBC Royal Bank, RBS, CityBank, Bank BGZ, Westpack, Scotiabank and United Services Automobile Association.
The fraudulent forms request a wealth of data including your name, credit card number, CVV, PIN, Social Security number, date of birth, mother’s maiden name and driver’s license number. It’s a terrifying complete amount of information that gives hackers all the tools they need to reset your passwords and access other online banking accounts. Thieves could even perpetrate a full-on identity theft, opening new accounts in your name with the data.
The best way to stay protected from this and other similar threats is, of course, to keep your anti-virus and other computer software up to date. Otherwise, use common sense caution – no legitimate online banking website would ask for that much info to verify your identity. Also note that Tiny Banker seems to use the same webform design in all its attacks, so hold off on sharing any data with a form that uses the same yellow shield and “currently updating” language.