BACK

Research and Statistics

Sinowal trojan compromises 500,000 bank accounts

Over roughly three years, the details of more than 500,000 online financial accounts from around the world were stolen by malicious software deemed the “most pervasive and advanced pieces of crimeware ever created by fraudsters.”

According to the RSA FraudAction Research Lab, a securities research group, a program called the Sinowal Trojan has stolen more than 300,000 login credentials and 250,000 credit and debit card numbers since February 2006. In the past six months alone, more than 100,000 online bank accounts were compromised. E-mail addresses and FTP accounts from several websites were also discovered to have been accessed or stolen.

The chart below shows the amount of compromised bank accounts since February 2006.
Bank accounts compromised by Sinowal
Source: FraudAction RSA Research Lab

The source of the Sinowal Trojan, also known as Torpig and Mebroot, is unknown, though many analysts speculate it is connected to the Russian Business Network, an active cybercrime ring. RSA’s research confirms that the software had ties to the organization in the past, but that current hosting of Sinowal is unknown.

Researchers say the program has been so successful due to its incredible stealth. Similar to all Trojans, Sinowal injects seemingly legitimate websites or information fields into a user’s Internet browser when a specific URL is accessed. For example, users who are accessing their financial accounts online will be prompted to enter their Social Security number, even if the information isn’t required. Once submitted, the stolen information is stored and organized on server space owned by the software’s creators.The software from then on saves and submits sensitive information from every website the user visits.

Hundreds of financial institution customers have been affected by Sinowal. RSA found that banks in North America, Europe, Asia Pacific and Latin America were all infected by the software. However, no financial accounts from Russia were compromised.

The software continues to plague Internet users, but the RSA is sharing its findings with several law enforcement agencies. They also have returned the stolen information to some of the affected financial institutions.

See related:The secret history of CarderPlanet.com and Dmitry Ivanovich Golubov, Notes from the underground: The next generation of carders, Credit card phishing scam: How it works, how to prevent it

What’s up next?

In Research and Statistics

Fed report: Banks tighten lending standards even more

Lenders are sharply tightening standards, by cutting credit limits and increasing minimum payments and required scores.

Published: November 3, 2008

See more stories
Credit Card Rate Report Updated: November 6th, 2019
Business
15.14%
Airline
17.01%
Cash Back
17.19%
Reward
17.03%
Student
17.23%

Questions or comments?

Contact us

Editorial corrections policies

Learn more

Join the Discussion

We encourage an active and insightful conversation among our users. Please help us keep our community civil and respectful. For your safety, do not disclose confidential or personal information such as bank account numbers or social security numbers. Anything you post may be disclosed, published, transmitted or reused.

The editorial content on CreditCards.com is not sponsored by any bank or credit card issuer. The journalists in the editorial department are separate from the company’s business operations. The comments posted below are not provided, reviewed or approved by any company mentioned in our editorial content. Additionally, any companies mentioned in the content do not assume responsibility to ensure that all posts and/or questions are answered.