Banker Trojan: What it is, how it steals logins and money, and how to remove it

What it is

A banker trojan is malware built to steal money from online banking. It sneaks onto a PC, watches logins, and can secretly redirect you to fake pages or overlay real ones to grab passwords, 2FA codes, and payment details. It often hides by adding startup tasks and registry entries so it comes back after reboot.

What you may notice

  • Banking pages look slightly different or ask for extra info

  • Random redirects during checkout or login

  • New browser extensions or changed homepage/search

  • Unusual logins, transfers, or MFA prompts you did not trigger

How it gets in

  • Phishing emails and booby-trapped attachments

  • Fake updates or cracked software installers

  • Malvertising and drive-by downloads on risky sites

Remove it now (quick steps)

  1. Disconnect from the internet; avoid opening banking sites.

  2. Run a full scan with trusted anti-malware and reboot.

  3. From a clean device, change bank/email passwords and enable MFA.

  4. Call your bank, review recent transactions, and set alerts.

  5. Check startup items, scheduled tasks, services, and extensions; remove unknowns.
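For step 5, a read-only PowerShell sketch that lists Run keys, Startup folders, scheduled tasks, and auto-start services in one table. It is an added example, not part of the original page; the "user-writable path" pattern and the New-Finding helper are assumptions made for illustration. Browser extensions are not covered and should be reviewed in each browser.

```powershell
# Added example: read-only triage of Windows autostart locations.
# Assumption: a launch path in a user-writable folder is worth a manual look.
$UserWritable = '\\AppData\\|\\Temp\\|\\ProgramData\\|\\Users\\Public\\'

function New-Finding {
    param([string]$Source, [string]$Name, [string]$Command)
    # Expand %APPDATA%-style variables so the path check sees the real folder
    $expanded = [Environment]::ExpandEnvironmentVariables($Command)
    [pscustomobject]@{
        Review  = ($expanded -match $UserWritable)
        Source  = $Source
        Name    = $Name
        Command = $Command
    }
}

$findings = @()

# Registry Run/RunOnce keys, per-machine and per-user
$runKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)
foreach ($key in $runKeys) {
    $k = Get-Item -Path $key -ErrorAction SilentlyContinue
    if (-not $k) { continue }
    foreach ($name in $k.GetValueNames()) {
        $findings += New-Finding 'RunKey' "$key\$name" ([string]$k.GetValue($name))
    }
}
# Startup folders (shortcut targets are not resolved here; open each one)
foreach ($d in 'Startup', 'CommonStartup') {
    $dir = [Environment]::GetFolderPath($d)
    if (-not $dir) { continue }
    foreach ($f in Get-ChildItem -Path $dir -File -ErrorAction SilentlyContinue) {
        $findings += New-Finding 'StartupFolder' $f.Name $f.FullName
    }
}
# Scheduled tasks: one row per action (COM-handler actions show an empty command)
foreach ($t in Get-ScheduledTask -ErrorAction SilentlyContinue) {
    foreach ($a in $t.Actions) {
        $findings += New-Finding 'ScheduledTask' "$($t.TaskPath)$($t.TaskName)" "$($a.Execute) $($a.Arguments)"
    }
}
# Services set to start automatically
foreach ($s in Get-CimInstance Win32_Service -Filter "StartMode='Auto'") {
    $findings += New-Finding 'Service' $s.Name $s.PathName
}
$findings | Sort-Object Review -Descending | Format-Table -AutoSize -Wrap
```

Rows with Review set to True only mark where to look first: legitimate software also starts from AppData and ProgramData, and everything in a Startup folder is flagged by design. Run it from an elevated prompt so per-machine tasks and services are all visible.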

Prevent it

  • Install software only from official sources; skip cracks.

  • Keep Windows, browsers, and extensions updated.

  • Block macros by default; be cautious with attachments.

  • Use a password manager and unique passwords + MFA.

  • Bookmark bank sites and navigate from bookmarks, not links.
