
Infocomm Snapshots

Holding victims to ransom

Posted date: 6 March 2013

Swiping passwords, faking infections, intercepting SMS confirmations and even holding victims to ransom – these are some of the typical methods cybercriminals are using today to monetise their malware, according to the latest FortiGuard threat landscape research.

“While methods of monetising malware have evolved over the years, cybercriminals today seem to be more open and confrontational in their demands for money for faster returns,” said Mr Guillaume Lovet, Senior Manager of FortiGuard Labs' Threat Response Team. “Now it's not just about silently swiping passwords, it's also about bullying infected users into paying.”

Take the malware Ransom.BE78 for example. The ransomware prevents users from accessing their personal data. Typically the infection either prevents a user’s machine from booting or encrypts data on the victim’s machine and then demands payment for the key to decrypt it. The main difference between ransomware and fake antivirus is that ransomware does not give the victim a choice regarding installation, said the FortiGuard report. Ransomware installs itself on a user’s machine automatically and then demands payment to be removed from the system.

Another method that cybercriminals are using to monetise malware is the use of a Trojan to intercept a user’s online bank login attempts and then use social engineering to trick them into installing a mobile component of the malware on their smartphones. Once the mobile element is in place, cybercriminals can then intercept bank confirmation SMS messages and subsequently transfer funds to a money mule's account. An example of such a Trojan is Zbot.ANQ, the "client-side" component of a version of the infamous Zeus crime-kit.

The third method identified in the FortiGuard report is the use of a fake antivirus malware such as FakeAlertD. The malware uses a convincing-looking pop-up window to notify users that their computer has been infected with viruses and that, for a fee, the fake antivirus software will remove the viruses from the victim’s computer.

Tricking users into installing a piece of malware continues to be a common tactic. The sophisticated Simda.B malware poses as a Flash update in order to trick users into granting it full installation rights. Once installed, the malware steals the user’s passwords, allowing cybercriminals to infiltrate a victim’s email and social networking accounts to spread spam or malware, access website admin accounts for hosting malicious sites, and siphon money from online payment system accounts.

While cybercriminals may have become more confrontational in their demands, Mr Lovet pointed out that the basic steps users can take to protect themselves have not changed. “They should continue to have security solutions installed on their computers, update their software diligently with the latest versions and patches, run regular scans and exercise common sense,” he said.