The global banking sector witnessed an increase in malware attacks in quarter one of 2020 amid adoption of online banking following the outbreak of the coronavirus.
The attacks were dominated by 'JS/Spy.Banker', which accounted for more than a third of all banking malware detections.
They target sensitive banking and credit card information from victims’ browsers.
"Win/Spy.Ursnif saw the most significant change — a jump from 5.9 percent of banking malware detections in quarter four 2019 to 13 percent in quarter one 2020," latest Threat Report shows.
Ursnif, a variant of the Gozi malware, is a high-profile and active banking malware that specialises in credential and data theft. It is spread via email through malicious links and attachments as well as exploit kits.
The uptick in detections is attributed to malicious spam attachments that were observed at the beginning of the year.
"These spam messages claimed to be about legislative changes for 2020, while the executable attachments were disguised as PowerPoint Presentation (PPT) or Poryable Docjment Format (PDF) files," it says.
However, the reports states quarter one recorded an overall drop in ransomware with January 2020, seeing the most action despite a slow start after New Year’s Eve.
"The uptick in January was caused by two major campaigns: one by the Crysis family (12.9 percent of all Filecoder1 detections in January) and another targeting South African users by the Sodinokibi family (13.4 percent of all Filecoder detections in January)," it adds.
WannaCryptor dominated the top 10 ransomware family ranking throughout the first quarter of 2020, even though it is almost three years since its largest outbreak in May 2017.