Script-based malware detection in Online Banking Security Overview

Adam Zachara 2015.06.09

Online banking applications are particularly exposed to malware attacks. To prevent theft from customer accounts, banks have invested in malware detection mechanisms. These programs are not installed on clients’ computers but are implemented server-side or by including JavaScript code on the protected websites. We have tested such solutions, which use different detection methods. To name a few:

  • behavioral patterns,
  • web injects signatures,
  • user input analysis.

Our research clearly shows that even products sold as “100% malware proof solutions” have serious implementation errors, and it is only a matter of time before malware creators start targeting these vulnerabilities, effectively bypassing or abusing these countermeasures. Is it a road to failure, or is there still time to improve these solutions? In this document we present a security analysis of those solutions from an attacker's point of view, along with recommendations for improvement.

See also our presentation from Black Hat Asia and Confidence: “Bypassing malware detection mechanisms in online banking”.

Adam Zachara Managing Partner