We investigate malware that is specific to the banking and financial services industry. This includes working out attack vectors and targets. Portions of this research overlap with the Threat Profiling theme, especially where we attempt to identify authorship invariants from specific malware authors or groups.
Our investigations have led to improvements in detection, identification and profiling. Our focus on banking malware includes analysis of mobile malware, botnets and rootkits. Strategies include both client-side improvements to safety and awareness, as well as server-side detection of fraud, attacks and the use of stolen credentials.