Over one third of banking malware attacks in 2019 targeted corporate users

In 2019, 773,943 users of Kaspersky solutions globally were attacked by banking Trojans. Of those users, a third (35.1%) were in the corporate sector. African countries were affected too: almost every hundredth user (varying from 0.9 to 1%) in South Africa, Ethiopia, Nigeria and Kenya was attacked by banking Trojans at least once during the past year, yet the share of affected corporate users varied greatly in these countries. This is among the findings from Kaspersky’s analysis of the financial threat landscape.

Banking Trojans or ‘bankers’ are one of the most widespread tools for cybercriminals as they focus on stealing money. Bankers usually search for users’ credentials for e-payment and online banking systems, hijacking one-time passwords, and then passing that data to the attackers.

A third of these attacks in 2019 targeted corporate users, an increase from the figure (24% – 25%) that has remained fairly consistent for the previous three years. According to experts, the rationale of this is clear: attacks on the B2B sector could not only provide access to banking or payment system accounts, but, through employee exposure, could also compromise a company’s financial resources.

The collected data also shows that Ethiopia has the largest share of corporate users among those who are targeted by banking malware in African regions – it reached 71% in 2019, which means that almost two thirds of banking malware attacks in the country were aimed at the corporate sector. It is followed by South Africa, where this figure is significantly smaller and can be compared to the global number, reaching 30%. Kenya and Nigeria, however, saw this parameter being lower than average, with approximately a fifth (22.5%) of banking malware attacks in Kenya targeting corporate devices, compared to 13% in Nigeria.

“While the overall number of attacks with bankers decreased in 2019, the growing interest for corporate users’ credentials indicates we are not yet seeing respite from financial threats. We therefore ask everyone to stay cautious when conducting financial operations online from PCs. While we are in the current peak of remote working during the Coronavirus pandemic, it is especially important to not underestimate criminals’ desire for stealing money,” said Oleg Kupreev, security expert at Kaspersky.

The key findings of the report are:


  • In 2019, the share of financial phishing increased from 44.7% of all phishing detections to 51.4%.
  • Almost every third attempt to visit a phishing page blocked by Kaspersky products was related to banking phishing (27%).
  • The share of phishing-related attacks on payment systems and online stores accounted for almost 17% and over 7.5% respectively in 2019. This is more or less the same as 2018 levels.
  • The share of financial phishing encountered by Mac users fell slightly, accounting for 54%.

 Banking malware (Windows):

  • In 2019, the number of users attacked with banking Trojans was 773,943 – a decrease compared to the 889,452 attacked in 2018.
  • 35.1% of users attacked with banking malware were corporate users – an increase from 24.1% in 2018.
  • Users in Russia, Germany, and China were attacked most frequently by banking malware.

 Android banking malware:

  • In 2019, the number of users that encountered Android banking malware dropped to just over 675,000 from around 1.8 million.
  • Russia, South Africa, and Australia were the countries with the highest percentage of users attacked by Android banking malware.

Threats targeting businesses, such as banking Trojans and financial phishing, can and should be detected and blocked on a network level – even before they reach employee’s endpoints. In particular, the use of a secure Internet gateway solution like Kaspersky Security for Internet Gateway, ensures secure Internet traffic and transactions and prevents many types of malware and threats. Kaspersky solution has received positive honest customer feedback and been named a 2020 ‘Customers’ Choice for Secure Web Gateways’, according to Gartner Peer Insights Customers’ Choice.

In addition to this, Kaspersky experts advise businesses take the following measures against financial threats:

  • Invest in regular cybersecurity awareness training for employees to educate them not to click on links or open attachments received from untrusted sources. Conduct a simulated phishing attack to ensure that they know how to distinguish phishing emails.
  • Leverage advanced detection and response technologies, such as Kaspersky Endpoint Detection and Response – part of the Threat Management and Defense solution. It makes it possible to catch even unknown banking malware and gives security operation teams full visibility over the network and response automation.
  • Use mobile protection solutions or corporate Internet traffic protection to ensure employees’ devices are not exposed to financial and other threats. The last one helps protect even those devices for which an anti-virus is not available
  • Provide your security operation center team with access to Threat Intelligence so it remains up to date with the latest tactics and tools used by cybercriminals.

To learn more about financial phishing and the other findings from the report, Financial Cyberthreats in 2019, read our blogpost on Securelist.com

Gartner Peer Insights Customers’ Choice constitute the opinions of individual end-user reviews, ratings, and data applied against a documented methodology. As such, they neither represent the views of, nor constitute an endorsement by Gartner.


Be the first to comment

Leave a Reply

Your email address will not be published.


This site uses Akismet to reduce spam. Learn how your comment data is processed.