Skip to main content

Woburn, MA – March 7, 2019 – According to a new Kaspersky Lab report, Financial Cyberthreats in 2018, 889,452 users of Kaspersky Lab solutions were attacked by banking Trojans in 2018, an increase of 16 percent compared to 2017 when over 767,000 users were hit.

Kaspersky Lab experts analyzed the financial threat landscape and point to the growth is users attacked by banking Trojans due to increased activities of mainly one banker in 2018, the RTM banker Trojan, which was reported on just last month.

Of the 889,452 attacked users, nearly 25 percent (24.1%) were in the corporate sector – a figure that has remained fairly consistent for the last three years. Kaspersky Lab experts believe that this trend is due to successful hits on employees not only providing banking or payment system accounts, but also offering the opportunity for criminals to compromise a company’s financial resources.

The research also shows that Russia became the most targeted nation in 2018, accounting for over 22 percent of global users attacked with banking malware. It’s followed by Germany (with a share of over 20%), India (almost 4%), Vietnam (3%), Italy (2%), the United States (2%) and China (2%).

In addition, Russia, South Africa, and the United States were the top three countries in 2018 listed with the highest percentage of users attacked by Android banking malware.

“When it comes to individual users, we can say that 2018 didn’t give them much respite from financial threats,” said Oleg Kupreev, security expert at Kaspersky Lab. “Our data shows that infamous bankers are still out there, increasing their attacks and hunting for money. We witnessed particular interest in the RTM banking Trojan, whose explosive growth pumped up the figures for 2018. Therefore, we urge users to be cautious when conducting financial operations online from PCs. Don’t underestimate the professionalism of modern cybercriminals by leaving your computer unprotected.”

The key findings of the “Financial Cyberthreats in 2018” report can be found below:

  • In 2018, the share of financial phishing decreased from 53.8 percent to 44.7 percent of all phishing detections, still accounting for almost half of overall detections.
  • The share of phishing-related attacks to payment systems and online shops accounted for almost 14 percent and 8.9 percent respectively in 2018. This is slightly less than in 2017.
  • The share of financial phishing encountered by Mac users slightly grew from 55.6 percent in 2017 to 57.6 percent in 2018.
  • Zbot and Gozi are still leaders when comes to most widespread banking malware family (over 26% and 20% of attacked users), followed by SpyEye (15.6%).
  • In 2018, the number of users that encountered Android banking malware more than tripled to 1,799,891 worldwide.
  • Just three banking malware families accounted for attacks on the vast majority of Android users (around 85%).


In order to protect themselves from financial phishing, Kaspersky Lab experts advise users to take the following measures:

  • To help prevent financial fraud, use a dedicated security solution with built-in features to create a secure environment for all of your financial transactions. Kaspersky Lab’s Safe Money technology is designed to offer this level of protection to users and provide peace of mind. Use reliable security solutions for comprehensive protection from a wide range of threats, such as Kaspersky Security Cloud and Kaspersky Internet Security.
  • To keep your credentials safe, it is important to apply the same level of vigilance and security across all of your devices – whether desktop, laptop or mobile. Use a reliable security solution for storing valuable digital data, such as Kaspersky Password Manager.


For business, Kaspersky Lab experts advise the following:

  • Invest in regular cybersecurity awareness training for employees to educate them not to click on links or open attachments received from untrusted sources. Conduct simulated phishing attack to ensure that they know how to distinguish phishing emails.
  • Leverage advanced detection and response technologies, such as Kaspersky Endpoint Detection and Response, part of Threat Management and Defense solution. This can help catch even unknown banking malware and gives security operation teams’ full visibility over the network and response automation.
  • Provide your security operation center team with access to Threat Intelligence so it remains up to date with the latest tactics and tools used by cybercriminals.


To learn more about financial phishing and the other findings of the report, Financial Cyberthreats in 2018, visit


About Kaspersky Lab
Kaspersky Lab is a global cybersecurity company, which has been operating in the market for over 21 years. Kaspersky Lab’s deep threat intelligence and security expertise is constantly transforming into next generation security solutions and services to protect businesses, critical infrastructure, governments and consumers around the globe. The company’s comprehensive security portfolio includes leading endpoint protection and a number of specialized security solutions and services to fight sophisticated and evolving digital threats. Over 400 million users are protected by Kaspersky Lab technologies and we help 270,000 corporate clients protect what matters most to them. Learn more at

Kaspersky Lab Media Contact:

Denise Berard


Kaspersky Lab financial cyberthreats report: Users attacked by banking Trojans hit nearly 900,000 in 2018

New report shows banking Trojans increased by 16 percent compared to the previous year
Kaspersky Logo