Malware, Threat Management

Ukrainian software company compromised to spread Zeus banking trojan

Cybercriminals launched a cyberattack using the official website of a Ukraine-based accounting software developer to distribute a new variant of Zeus over a Ukrainian holiday.

Cisco Talos researchers observed the Crystal Finance Millennium (CFM)  company site dispersing malware that was retrieved by malware downloaders attached to messages associated with a spam campaign that was running concurrently with the site compromise, according to a Jan. 4, blog post.

The attack occurred in August 2017 and Ukrainian authorities and businesses were alerted to the attack by a local security firm, ISSP.  Researchers noted the attacker didn't compromise the firm's update servers and did not have the level of access noted previous Nyetya compromise and MeDoc attacks.

The malicious email s contained a ZIP archive that combined a JavaScript file that when opened, executes causing the system to retrieve the malware payload and run it, thus infecting the system with a variant of the Zeus banking trojan.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.