Woburn, MA – February 20, 2019Kaspersky Lab researchers have detected a surge in activity by the RTM Banking Trojan with more than 130,000 users attacked in 2018 – an increase from as few as 2,376 attacked users in 2017. There are no signs of slowing down, with more than 30,000 users attacked in 2019 already, making RTM one of the most active banking Trojans on the threat landscape.

The RTM Trojan is being distributed through email phishing, using messages disguised as routine finance and accounting correspondence that contain a malicious link or attachment. Once the malware is installed on the victim’s computer, it provides the attackers with full control over the infected system. The RTM Trojan then substitutes account details while an infected victim attempts to make a payment or transfer funds. It can also be used by cybercriminals to manually steal money using remote access tools.

The malware is targeting people responsible for financial accounting in small and medium-sized businesses, with a particular focus on the IT and legal sectors. This makes RTM attacks part of a growing trend where cybercriminals are losing interest in financial organizations and instead focusing on a private sector where companies tend to invest less in security solutions.

To date, the Trojan has mainly hit businesses based in Russia. Kaspersky Lab estimates that during the course of two years, the attackers may have conducted multiple illegal transactions, up to a million rubles (the equivalent of $15,104) each.

“We’ve seen cases where successful cyberthreats were first used in Russia and later went international,” said Sergey Golovanov, security researcher at Kaspersky Lab. “The RTM banking Trojan can easily become yet another example of the same development cycle. That is why we urge organizations that can become potential targets of this malware to take preventative measures and make sure their security products detect and block this threat.”

Banking Trojans are among the most damaging cyberthreats as they are designed to gain access to the financial accounts and assets of their victims, primarily by stealing login credentials and hijacking online banking sessions.

To protect against financial malware, including the RTM Banking Trojan, Kaspersky Lab security specialists advise businesses to:

  • Train employees - particularly those who are responsible for accounting - to pay special attention to the signs of phishing attacks.
  • Install the latest patches for all of the software you use for the business.
  • Do not allow the installation of programs from unknown sources.
  • Use a robust security solution for businesses with behavioral analysis, such as Kaspersky Endpoint Security for Business.

Find out more about RTM banking Trojan on Kaspersky Daily.

About Kaspersky Lab

Kaspersky Lab is a global cybersecurity company, which has been operating in the market for 21 years. Kaspersky Lab’s deep threat intelligence and security expertise is constantly transforming into next generation security solutions and services to protect businesses, critical infrastructure, governments and consumers around the globe. The company’s comprehensive security portfolio includes leading endpoint protection and a number of specialized security solutions and services to fight sophisticated and evolving digital threats. Over 400 million users are protected by Kaspersky Lab technologies and we help 270,000 corporate clients protect what matters most to them. Learn more at www.kaspersky.com.

Kaspersky Lab Media Contact:

Denise Berard



Kaspersky Lab Detects Surge of RTM Banking Trojan Attacks in 2018

Researchers report pace of attacks aggresively continuing into 2019
Kaspersky Logo