%0 Article
%A Custers, Bart HM
%E Pool, Ronald LD
%E Cornelisse, Remon
%D 2019
%G English
%@ 1741-2609
%T Banking malware and the laundering of its profits
%J European journal of criminology
%V 16
%N 6
%P 728-745
%U https://scholarlypublications.universiteitleiden.nl/access/item%3A2908689/view
%U http://doi.org/10.1177/1477370818788007
%X Banking malware is malicious software that aims to steal money from victims via manipulated bank transfers in online banking. This paper describes how the profits of banking malware are generated and subsequently laundered, with a particular focus on the use of bitcoins and other digital payment methods. Computers are infected with banking malware via phishing emails, in which people are persuaded in various ways to click on links or open attachments, or via exploit kits, programs that try to find weak spots in the security of computer systems. After infection, bank transfers of the online banking accounts of victims are manipulated via fake website screens (web injects). Behind the screens the amounts and beneficiaries of transactions are modified, emptying the victims’ bank accounts. In the next step, the banking malware profits are laundered. In this paper we describe two models that are used in particular (next to more traditional money laundering methods). The first model involves the use of money mules and a quick cash-out. The second model focuses on direct spending via (a) direct purchases of products via online shopping, (b) direct purchases of bitcoins via Bitcoin exchanges or (c) direct purchases of luxury goods. Bitcoins can be further laundered via so-called mixing services. All in all, these methods allow criminals to launder profits in relative anonymity and prevent seizure of the illegal profits.