Black Friday: How to pay with your card, not your card details

Banking Trojans are increasingly focused on online stores. We explain how not to become a victim of malware during the annual holiday sales.

Black Friday — the first day of the Christmas sales season — is almost here, and many online stores are already advertising juicy discounts and other promotions. But sellers aren’t the only ones on the hunt for buyers. Lurking in the shadows, cybercriminals armed with banking Trojans are poised to steal the personal data and payment details of online shoppers.

Seeking online store accounts

Banking Trojans are commonly understood to be malicious programs that try to steal money through online banking and mobile banking apps. Therefore, many people assume banking Trojans are a danger only when using such sites or programs. But the reality is somewhat different: Banking Trojans can also pinch (a) billing information entered on online store websites and (b) accounts for these websites.

In the first nine months of 2018, our solutions detected activity on the part of online-shopaholic banking Trojans 9.2 million times. Trojans such as Chthonic, Betabot, Panda, Zeus, SpyEye, and others all have a track record in this field. They attempted to steal credentials, as well as bank details, from visitors to popular online stores.

We counted a total of 67 websites of interest to Trojans. About half of them are well-known brands of clothing, jewelry, and toys. These Trojans also seek out user accounts on the websites of movie theaters, electronics stores, and large marketplaces such as eBay and AliExpress.

Banking Trojans were quite active in Europe (in particular, Italy, Germany, and France), as well as in North America, Russia, and developing countries. Details of the geographical preferences of specific malware can be found at

Banking Trojans can use various methods to snatch tasty tidbits such as billing information and login credentials for online stores or service accounts. For example, they may try to siphon off data entered into an online form, replace the contents of Web pages, or simply redirect the user to a completely fake website.

How bad can a data leak from an online store account be?

Having got hold of your data, a cybercriminal will be able to withdraw funds from your account or make purchases in your name. Financial losses can be compounded by other problems — if a crook tries to use your card to launder money or buy something illegal, the police will be knocking on your door.

Stolen accounts are sold in large quantities on the black market. Just by googling, our experts found more than 3 million online store user accounts for sale.

How to make online shopping safer

If you want to enjoy online shopping without the fear of losing your account, keep an eye on the health of your devices and keep Trojans out. It’s not too hard:

  • Do not follow links sent by strangers in SMS, social media, or e-mail messages. And if you received a message with a link from a friend, make sure he or she really did send it.
  • To keep yourself safe from banking Trojans, install reliable antivirus protection. For example, Kaspersky Plus blocks attempts to redirect users to suspicious websites, guards against malicious advertising banners, and catches banking Trojans before they can penetrate your device.