00:00This is not a breach of banking infrastructure or banking companies. What this represents
00:08in our research is a large amount of Australian citizens who have had their devices compromised
00:15with a certain type of computer virus. And one of the things that computer virus does
00:20really well is steals things like banking credentials.
00:24So just tell us in a bit more detail about this specific kind of malware that you're looking at.
00:30So InfoSteeler malware is predominantly created by criminals to land on your computer and very
00:38quickly take as much information, hence the name, as possible to send that straight back to the
00:44criminals. Why did you choose banks specifically to focus on in this report? One of the reasons that
00:50we thought it would be useful to raise awareness is, you know, with recent news around superannuation
00:56attacks and credential stuffing, we've seen a tight correlation between the use of InfoSteeler
01:02malware and using those passwords to conduct these type of attacks against individuals.
01:10This is only a snapshot really, isn't it? This 31,000 credentials. Where did you find them?
01:15There's things like instant chat, online telegram chat rooms, cybercrime forums. Think of it like
01:23an Amazon marketplace for stolen information.
01:26So if you are one of those banking customers who's unfortunate enough to have had your credentials
01:34traded in this way, does that mean that theoretically your account could be drained using
01:41that information that's been stolen? Yes. You know, if criminals have your banking credentials,
01:47they can attempt to, you know, log into your account and perform actions. Whether or not the
01:53banks would detect that is up to each separate bank and they have a multitude of different things they do
01:59to try and detect that. I wanted to talk to you a bit about some of the maybe more common solutions
02:06that are often recommended to people that don't necessarily completely solve this issue.
02:13Look, I think everyone's familiar with the typical advice, right? Use a strong password, rotate your
02:20password, use an antivirus. If you have InfoSteeler malware on your device and you say change your password,
02:29then that malware is going to get the new password that you've just created. And so, you know, it's the
02:36equivalent of changing your locks while the burglar is still in your house. For users at home, you need
02:42to start thinking about how does InfoSteeler malware get on your device in the first place. One of the most
02:47common ways that we see from our analysis is, you know, online games, whether it's Minecraft, cracked
02:56software, which is software that you would typically have to pay license fees for, whether it's
03:01Photoshop or something else. If you've got banking credentials or, you know, highly sensitive information
03:08you want to use on your computer, keep that separate to, say, the devices and the computer that your
03:13children are using. What do you hope happens as a result of releasing this somewhat frightening
03:21information publicly? This is not intended to frighten anyone. This is a reality. There is,
03:28you know, millions of devices around the world being infected by this type of malware,
03:33and it's a public matter because most of the infections are happening on personal devices.
03:39So our goal with this research is to raise awareness for, you know, the average citizen,
03:45so they understand more about how valuable their data actually is and what they can do to make it
03:54difficult for attackers to actually take this information.
Comments