New Zeus version targeting Firefox users for bank fraud

A new version of the data-stealing trojan Zeus is for the first time able to successfully exploit Mozilla's Firefox browser to commit sophisticated online banking fraud, according to security firm Trusteer.

Zeus, the most prevalent type of financial malware on the internet today, is known for stealing bank account information from its victims. But, previous versions of the malware were unable to bypass the security defenses, such as strong layers of authentication, used by banks when a user was on Mozilla's browser, Mickey Boodaei, CEO of Trusteer told on Wednesday. The newest Zeus incarnation targets Firefox browsers with techniques called HTML injection and transaction tampering, which can effectively bypass strong authentication and transaction signing.

"We expect this new version of Zeus to significantly increase fraud losses, since nearly 30 percent of internet users bank online with Firefox and the infection rate for this piece of malware is growing faster than we have ever seen before," Amit Klein, CTO of Trusteer and head of the company's research organization, said in a statement.

In an email sent to on Wednesday, a spokesperson at Mozilla said that Zeus is not exploiting a vulnerability within Firefox, but is installed once a system has already been compromised.  

"Once malware like Zeus is on a user's system, every application they use is at risk," the Mozilla spokesperson said.

Previous versions of Zeus had fairly limited capabilities for Firefox compared to those for Microsoft's Internet Explorer (IE) browser, Boodaei said. On Firefox, for example, the trojan previously was not capable of changing a bank's login page or altering a user's online transactions. As a result, most fraud incidents associated with Zeus have been sustained by users of IE.

“As long as you worked with Firefox, until now, Zeus had very limited capabilities and the result was that no fraud was committed on your account,” Boodaei said.

This variant of the malware is spreading rapidly via compromised websites and in spam messages, Boodaei said.

The first variants of Zeus date back to 2006, but it is still one of the most dangerous pieces of malware on the internet, he said.

“As an industry, we still don't have a solution, which is worrying,” he added.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.