Desktop Banking Trojan

Malware for Windows desktop systems falls into multiple categories, each defined by the malicious activity the software performs and how it carries it out. We usually talk about "trojans" and, more specifically, "bank trojans".

This category of malware has been one of the most active for many years, although in recent years more ransomware attacks have been detected.

In addition to banking malware, we can find other types of malware, some focused on spying on the activity of their victims, while others are intended to simply remain installed on the infected computer, waiting for the control server to send them the commands with the tasks they must perform. The latter are often used to carry out denial-of-service attacks, using the entire network of infected computers.

Throughout this report, we will review the different types of malware, paying special attention to banking malware that is meant to steal its victims' bank credentials and, ultimately, their money.

If you want to know in detail how banking trojans work, download the complete report.


Desktop Banking Trojans

Over the years, bank trojans have not only evolved by incorporating multiple techniques; some families have also become droppers of other, more profitable types of malware, such as ransomware. Still, the fight against banking malware continues, as there is still a significant number of families of this type distributing new samples every day in order to infect new victims and steal their credentials.

Most banking trojans use accessibility events to detect when an application is opened, before showing a webinject with a phishing form that siphons off the victim’s credentials.


Posted by David Morán

David has more than 15 years’ experience in cybersecurity, systems and development, starting out in an extinct hacking team known as Badchecksum. He collaborated on Defcon 19 with the Painsec security team. He is versed in scalable environments thanks to his work at the Tuenti social network with a traffic load of over 12Gbps. He has been involved with buguroo almost since the outset and has taken part in all the tools developed by the company, including source code analysers, malware analysis, cyber intelligence, etc. He also has in-depth knowledge of the Linux kernel, having developed LKMs that acted as rootkits as well as malware for Windows environments. He is currently the head of Revelock’s development team, managing task distribution and negotiating with the Head of Technology.



buguroo’s cloud-based fraud detection delivers a straightforward solution for detecting and stopping today’s and tomorrow’s malware threats. Banks and their customers can be protected from one of the most malicious threats in use by cybercriminals.


Request a demo

Would you like to know how our solution protects your bank?

See how our solution can help you resolve your company's online fraud issues by requesting a free demo, and we will explain it to you in detail.
