New sophisticated malware bypasses two-factor authentication and drains accounts within minutes.

The Cybersecurity and Infrastructure Security Agency (CISA) has issued an emergency alert about a new banking trojan dubbed "Goldfish" that has already stolen over $45 million from American bank accounts. The malware spreads through fake banking app updates sent via SMS and email, perfectly mimicking legitimate bank communications. Once installed, Goldfish intercepts 2FA codes in real-time and initiates unauthorized wire transfers within seconds. Major banks including Chase, Bank of America, and Wells Fargo have confirmed customer compromises. CISA recommends: never download banking apps from links in messages, only use official app stores, enable biometric authentication, and set up transaction alerts for any amount. The FBI Cyber Division is actively investigating with arrests expected soon.