Cyber criminals set trap for foreign exchange traders

FOREX website suffers malware injection that could infect visitors' computers.


A popular foreign exchange market (FOREX) website has been infected with a malicious Java applet, designed to install malware onto site visitors' computers.

The threat, which has been injected into the FOREX trading website, was detected by unified web, data and email security firm Websense. The company has raised the prospect that such an attack may constitute a shift in the way some cyber criminals work, suggesting they may now be looking to attack easier targets with online systems and less mature security systems, compared to banks and stock exchanges.

This injection could deposit malware to the users of this site, opening them up to data stealing

However, the applet will not be able to infect any and all visitors to the site, Websense has said, as the dropped backdoor that allowed the injection is written in Visual Basic. This means the target machine must have Microsoft's .NET framework successfully installed and running in order for an infection to take place.

Advertisement - Article continues below
Advertisement - Article continues below

"Cyber criminals are certainly heading straight for the money in targeting a trading website. This injection could deposit malware to the users of this site, possibly opening them up to data stealing," said Carl Leonard, senior security research manager at Websense.

"Without real-time inline security protection, companies and individuals could be at risk of trading more than they thought, with the cybercriminals maximising profits."

Featured Resources

2,000 days: the CIO's world in 2025

What the role of the CIO will look like in five years time

Download now

The workers' experience report

How technology can spark motivation, enhance productivity and strengthen security

Download now

6 best practices for escaping ransomware

A complete guide to tackling ransomware attacks

Download now

The IT roadmap from modernisation to innovation with consistent hybrid cloud

A guide to a modern, cloud-enabled IT infrastructure

Download now



Hackers abuse LinkedIn DMs to plant malware

25 Feb 2019

Best free malware removal tools 2019

23 Dec 2019
internet security

Avast and AVG extensions pulled from Chrome

19 Dec 2019

Google confirms Android cameras can be hijacked to spy on you

20 Nov 2019

Most Popular

data governance

Brexit security talks under threat after UK accused of illegally copying Schengen data

10 Jan 2020
cyber security

If not passwords then what?

8 Jan 2020
Policy & legislation

GDPR and Brexit: How will one affect the other?

9 Jan 2020
web browser

What is HTTP error 503 and how do you fix it?

7 Jan 2020