While cyber threats are debilitating for all sectors, the banking Trojans are among the most damaging. They are designed to worm their way into the financial data, accounts and assets by stealing login credentials. It usually substitutes account details while the victim attempts to make a payment or transfer funds. Then it becomes easier to manually steal money using remote access tools. The malware also targets people responsible for financial accounting in small and medium-sized businesses. The RTM Trojan enters the system through email phishing, using messages disguised as routine finance and accounting correspondence. Most people don’t realise it contains a malicious link or attachment, and once the malware is installed on the victim’s computer, it provides the attackers will full control over the infected system. So RTM attacks are now fast becoming a bigger threat to private sector with generally less investment in security solutions, more than to financial organizations. So far, the Trojan has been targeting mostly Russia based companies.
According to a study by 3 Kaspersky Lab researchers, there has been a surge in RTM Banking Trojan The overall number of users attacked in 2018 exceeding 130,000 – an increase from 2376 users attacked in 2017. This pace seems to be continuing into 2019, going by the 30,000 plus attacks only till the mid of February this year. This makes RTM one of the most active banking Trojans on the threat landscape. According to estimates, over the last two years, there may have been multiple illegal transactions, up to a million roubles (almost as much as $15,104) each.