New Zeus variant targets billing services providers

Share this article:

The infamous Zeus banking trojan has been reconfigured, and its new scheme targets users of cloud-based billing companies, instead of banks.

Researchers at security firm Trusteer have discovered a new variant of the data-stealing malware, which typically is used by criminals to lift banking credentials that they use to access corporate accounts and wire themselves money, according to a blog post on Tuesday. The new configuration, however, is affecting customers of cloud billing services providers like Ceridian, a Canadian human resources and payroll solutions provider.

“What we see here is its attempt to go into different fields,” Yishay Yovel, vice president of marketing at Trusteer, told SCMagazine.com on Wednesday.

Once a user's machine is infected, the malware is able to take a screenshot of the Ceridian payroll services web page, said Amit Klein, CTO at Trusteer.

“This allows Zeus to steal the user ID, password, company number and the icon selected by the user for the image-based authentication system,” he wrote.

By setting their sights on business payroll systems, miscreants are able to funnel larger amounts of money than if they targeted bank accounts. With the valid credentials to access an organization's payroll system, the crooks can add fake employees and designate them to receive cash.

As enterprises are trending toward the cloud for their services, cyber criminals are continuously crafting new ways to siphon money, Yovel said.

He added that blame should not be put on the service providers.

“The user systems are compromised, not the banks or the cloud services,” he said. “Ultimately, financial fraud occurs.”

And despite Microsoft recently announcing a major takedown effort against Zeus' command-and-control structure, the malware appears to be living on.

Share this article:
You must be a registered member of SC Magazine to post a comment.

Sign up to our newsletters

TOP COMMENTS

More in News

President signs Executive Order to improve payment security

President signs Executive Order to improve payment security

President Obama signed an Executive Order at the Consumer Financial Protection Bureau calling for enhanced security measures, including microchips and PINs.

Security, tech firm coalition fights Hikit actors, other advanced groups

Security, tech firm coalition fights Hikit actors, other ...

The coalition began as an effort to stop the spread of the Hikit trojan, previously known for targeting U.S. defense contractors.

Phishing email delivers keylogger malware, also takes screenshots

Phishing email delivers keylogger malware, also takes screenshots

The malware has various features, including the ability to start persistently, take screenshots and bypass user access controls.