Web Injection and Banking Trojan Malware -A Systematic Literature Review

T.J. Nelson
Cory A. Nance, Dakota State University
Cherie Noteboom, Dakota State University

Abstract

Banking trojan malware focuses on stealing credentials for financial services. A common technique used to facilitate this theft is web injection. Web injects work by modifying web page code or intercepting user input within a browser. Multiple papers in the literature discuss web injects and banking trojan malware; however, this paper extends the existing literature by answering key questions related to web inject usage in banking trojan malware. Specifically, this paper systematically analyzes the available literature to describe which threat actors use banking trojans, identify the malware families employing web injects, enumerate web injection techniques, and define the victims of banking trojans. To answer these questions, a 3-phase systematic literature review was conducted. In total 258 articles were reviewed and analyzed using a custom classification schema. The analysis revealed that web injects in banking malware trojans are a large threat in the cyber landscape.