Kenyans warned of malware targeting bank systems

The Communications Authority of Kenya (CA) has put the public and local institutions on notice over an increasing rise in detection of a network-targeting malware called ‘Emotet’.

The communications regulator said it had detected 11 cases targeting local institutions and had engaged the institutions on the matter.

“Emotet is an advanced destructive banking Trojan affecting network systems. With the ability to evade typical signature-based detection with several methods for maintaining persistence, including auto-start registry keys and services,” said the CA in a statement issued on Monday.

The Communications Authority thus urged the public to engage in general cyber-security practices among them immediate scanning and isolation of infected computers within the network and the consideration of proactive protection against future malware spam infections.

The malware targeting the financial sector is disseminated mainly through malicious email attachments which can manifest themselves in the form of invoices, shipping notifications and even PayPal receipts.

It has the ability to gain access to accounts by stealing log-in credentials and hijacking online banking sessions.

The discovery of the destructive malware in the country points to an increasingly riskier cyber-security landscape and is on the back of the 2017 attacks of the Wanna-cry ransomware which sought pay-offs by locking out organisations’ and personal data on unprotected computer/networks.

Malware attacks remain a widespread concern in the country with the latest industry data showing the detection of a total of 1.8 million cases out of a total of 3.8 million instances of cyber threats between July and September 2018.