Australian banking passwords stolen by silent malware

Infostealer — the silent malware harvesting Australians passwords.

Thousands of Australians have had their bank passwords stolen in what the Australian Signals Directorate is calling "the silent heist." Over 31,000 credentials linked to major banks including Commonwealth, ANZ, NAB and Westpac have been posted online and shared among criminals.

The breach wasn’t caused by the banks, rather, a type of malware called an infostealer that infects mostly Windows computers. The malware quietly harvests passwords, credit card info and browser data.

For businesses that allow remote access to systems with personal devices, this is another wake-up call to the risks of malware.

The 31,000 credentials were uncovered during an audit by Sydney-based cybersecurity firm Dvuln.

“This is just the tip of the iceberg. There are likely thousands more Australians affected by this type of malware. The time to act is now.” - James Bartrop, ShadowSafe.

Steps to guard against malware at home

• Turn on multi-factor authentication (MFA) for your banking and accounts

• Turn on auto updates for your operating system and applications e.g. Chrome

• Install cloud-based antivirus software on your devices

• NEVER reuse passwords, especially between personal and business logins

• Monitor banking and financial accounts for unusual activity

Follow ShadowSafe on LinkedIn for more updates.