
Bank accounts at risk. ZeuS Banking Trojan returns


Better form, more dangerous and more invasive than ever! All done silently!

2011's ZeuS Banking Trojan evolved into a more sophisticated form with better deployment and better anti-tracking techniques.
Our cybersecurity team investigated a massive attack launched from a website owned by a Ukrainian finance company called Crystal Finance Millennium and from multiple servers owned by PJSC Ukrtelecom, a company governed by the Ministry of Transportation and Communications in Ukraine.

The scale of this attack is huge: more than 12 million beacons from more than 3000 unique IP addresses were recorded by a sinkhole server standing in as the ZeuS C&C.
The attack method used here is similar to the one used in the NotPetya attack of summer 2017, which abused servers of the tax software company M.E.Doc to distribute a destructive wiper. The difference between the two lies in how the compromised servers were abused.
To be more precise, in this case the server was not abused at all. Instead, the spread relied on the website of the accounting software maker CFM being used to distribute malware that was fetched by downloaders delivered as attachments in an email spam campaign.
Every attachment was a ZIP archive containing malicious JavaScript code that acted as a downloader, connecting to the cybercriminals' C&C server to download files and commands.
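The delivery chain above (a ZIP attachment carrying a JavaScript downloader) is something a mail gateway or analyst can screen for before the script ever runs. The following is an added example written for this post, not CyberByte's detection code; the `suspicious_members` helper, the extension list and the content markers are assumptions, and the sample archive is constructed inline with inert stubs. It flags script-type members by extension and also by content, so a renamed script still gets caught.

```python
import io
import zipfile

# Hypothetical detection helper (added example, not CyberByte's code).
# Extensions that Windows Script Host will execute on double-click.
SCRIPT_EXTENSIONS = {".js", ".jse", ".vbs", ".vbe", ".wsf", ".wsh", ".hta"}
# Loose content markers typical of WSH-based downloaders; a member whose
# name hides its type (e.g. "notes.txt") is still caught by these.
SCRIPT_MARKERS = (b"ActiveXObject", b"WScript.", b"MSXML2.XMLHTTP", b"ADODB.Stream")


def suspicious_members(zip_bytes: bytes, max_members: int = 1000) -> list:
    """Return (member_name, reason) pairs for members that look like script downloaders."""
    findings = []
    try:
        zf = zipfile.ZipFile(io.BytesIO(zip_bytes))
    except zipfile.BadZipFile:
        return [("<archive>", "not a valid ZIP")]
    for info in zf.infolist()[:max_members]:
        name = info.filename
        lower = name.lower()
        ext = "." + lower.rsplit(".", 1)[-1] if "." in lower else ""
        # Catches the double-extension trick ("invoice.pdf.js") as well.
        if ext in SCRIPT_EXTENSIONS:
            findings.append((name, f"script extension {ext}"))
            continue
        if info.file_size > 2 * 1024 * 1024:
            continue  # downloaders are tiny; bound the work on large members
        data = zf.read(info)
        if any(marker in data for marker in SCRIPT_MARKERS):
            findings.append((name, "WSH/ActiveX download markers in content"))
    return findings


def build_sample_zip() -> bytes:
    """Constructed sample: a benign-looking archive plus inert script stubs."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("invoice.pdf", b"%PDF-1.4 constructed placeholder")
        zf.writestr("invoice.pdf.js", b"// constructed inert stub\nvar x = 1;")
        zf.writestr("notes.txt", b"var o = new ActiveXObject('MSXML2.XMLHTTP'); // inert stub")
    return buf.getvalue()


if __name__ == "__main__":
    for member, reason in suspicious_members(build_sample_zip()):
        print(f"{member}: {reason}")
```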

Most of the code used in this variant of ZeuS comes from version 2.0.8.9 of the same trojan, enhanced with better evasion techniques. After infection, if ZeuS detects that it is running in a virtual test environment rather than on a real system, it goes silent and does nothing, which makes it hard to study, identify or track.

Our top analyst reversed the ZeuS binary and concluded that cybercriminals and their tools are becoming more and more sophisticated and efficient, taking every advantage they can get; in this case, exploiting the existing trust relationships between companies as leverage to deploy their malware more effectively.
Our company's antivirus is now able to detect the new ZeuS variant's fingerprint.
Nothing is safe, and everything evolves: devices, OSs, security software, and security flaws alike. "That is why everyone should keep their devices up to date, back up their data as often as possible and always have only the top antivirus software installed on their devices," our cybersecurity analyst said.

CyberByte Antivirus comes in two flavors:
MacOS Version - the free download Mac antivirus available on our website (https://mac.cyberbyte.org)
Windows Version - the free download Windows antivirus available on our website (https://pc.cyberbyte.org)
The free antivirus comes with limited features.
