Malware designed to steal passwords has shot up 400% in the past
year, according to
research by security firm McAfee.
Password-stealing attacks have matured and cybercriminals are
using advanced techniques to capture the login details of people
shopping and banking online, the report said.
Players of online games are now the most targeted group, the
report said, with a growing underground economy based on the trade
of virtual game goods.
New techniques include using malware to take screen shots as
users enter login details and hijacking websites to deploy
fake pop-ups which request personal information.
Spam is one of the main distribution methods for seeding
password stealers. Hackers use mass mailings of fake invoices and
other spam to trick recipients into opening attachements that
download malware.
The spam mail's topic is often tailored to the target audience,
exploiting trends, political news, or topics localised for targeted
countries, the report said.
"The evolution of password-stealing malware is driven by a
cops-and-robbers game between cybercriminals and online banking
institutions," the report said.
But, according to the researchers, more security does not
necessarily bring about better usability.
"The contrary is usually the case, as the introduction of yet
another security mechanism usually complicates things for users,
eventually discouraging them," the report said.
Financial institutions and other online service need to find a
better compromise between security and usability, the report
said.