Group-IB researchers recently came across a new type of malware that targets two types of stock trading software: QUIK from ARQA Technologies, and FOCUS IV Online from EGAR Technology (h/t ITworld).

While trading accounts have frequently been targeted by hackers over the past year, the researchers say, this type of targeted malware is a new development.

Both QUIK and FOCUS IV Online are used by leading Russian banks, including Sberbank, Alfa-Bank and Promsvyazbank, for trading on the MICEX stock exchange. The applications are also used by entities in other countries, such as BCS Cyprus, Otkritie and InstaForex.

"The initial act of the malware is to check the presence of these applications in the OS, then begin to monitor the user’s actions and extract information about his activity by capturing screenshots and intercepting credentials which are then sent to the C&C server," the researchers write.