Download our in-depth report: The Ultimate Guide to IT Security Vendors
While trading accounts have frequently been targeted by hackers over the past year, the researchers say, this type of targeted malware is a new development.
Both QUIK and FOCUS IV Online are used by leading Russian banks, including Sberbank, Alfa-Bank and Promsvyazbank, for trading on the MICEX stock exchange. The applications are also used by entities in other countries, such as BCS Cyprus, Otkritie and InstaForex.
"The initial act of the malware is to check the presence of these applications in the OS, then begin to monitor the user’s actions and extract information about his activity by capturing screenshots and intercepting credentials which are then sent to the C&C server," the researchers write.