BackSwap is a banking trojan that was first seen earlier this year in March targeting Polish banks, but it has been recently seen that BackSwap is targeting six major banks in Spain. The trojan is based on the Tinba trojan and has one objective: to hijack banking credentials and drain those accounts. BackSwap is not distributed widely, however it is believed that the attackers could be warming up for a major campaign. Researchers believe this because of the limited number of banks that have been targeted in each country. The trojan is typically delivered via phishing emails and retrieves its payload when a user opens the malicious document. BackSwap is also known to be hidden in forged copies of popular computer software. Once the trojan is installed on a system, it injects JavaScript into the address bar which is used to bypass security for the browser and any additional third-party security controls ran by the bank itself. Backswap utilizes man-in-the-middle attacks to alter what the victims see for financial gain. According to researchers, “BackSwap isn’t currently among the most prominent forms of banking trojans, but it’s still effective. If the campaigns do get larger, it could easily become one of the most prevalent forms of financial malware.” Users are always advised to be cautious when opening attachments or clicking links from unfamiliar sources.
