Categories: Cyber CrimeMalware

GreatestArcadeHits serves ZEUS ZBOT banking trojan

Intelligence Ian Malloy has discovered an hidden variant of the popular Zeus banking trojan in the GreatestArcadeHits servers.

GreatestArcadeHits.* serves up more than entertainment, in fact they don’t serve up entertainment at all.  Hidden in the application is the infamous ZEUS/ZBOT, a banking trojan that has the capacity to spoof online banking sites to steal credentials in order to drain the victim’s finances.  This comes in the form of a purported Chrome (c) update.

 


 As can be seen from the URL, I was attempting to access my student portal for school when I was redirected automatically.  Now we’ll take a deeper look at the HTML underlying ‘Superfish.’

 


luckyleap‘ serves the popup while Superfish handles the redirect.

 


Here GreatArcadeHits is found installed without permission, likely from being injected into trusted software.  The initial software download that installed GreatestArcadeHits was from download.cnet.com, a trusted site.

It is unclear who is behind this specific resurgence of the Superfish Zeus/Zbot although Malloy Labs has its suspicions.

“We believe at Malloy Labs that the suspects involved are using legacy code for a reason, they themselves lack the proper tools to develop this type of software so they do what most cyber criminals do and mix and match code with a little HTML injection thrown in to display the infector site.  My only hope is that this is not the same group behind the Zeus/Zbot on Facebook which Eric Feinberg, Frank Angiolelli and myself had found, because the block list would only grow exponentially.   #MalwareMustDie!” said Ian Malloy.

Ian Malloy Intelligence Analyst and member of US-CERT and CSFI-CWD.  CEO of Malloy Labs, studying CYOPS at Utica College.

(Security Affairs – Zeus, banking)

Pierluigi Paganini

Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer. Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US. Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines. Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.

Recent Posts

Empire Market owners charged with operating $430M dark web marketplace

Federal authorities charged two individuals with operating the dark web marketplace Empire Market that facilitated…

2 hours ago

China-linked Velvet Ant uses F5 BIG-IP malware in cyber espionage campaign

Chinese cyberespionage group Velvet Ant was spotted using custom malware to target F5 BIG-IP appliances…

4 hours ago

LA County’s Department of Public Health (DPH) data breach impacted over 200,000 individuals

The County of Los Angeles’ Department of Public Health (DPH) disclosed a data breach that…

10 hours ago

Spanish police arrested an alleged member of the Scattered Spider group

A joint law enforcement operation led to the arrest of a key member of the…

13 hours ago

Online job offers, the reshipping and money mule scams

Offers that promise easy earnings can also bring with them a host of scams that…

15 hours ago

Security Affairs newsletter Round 476 by Pierluigi Paganini – INTERNATIONAL EDITION

A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles…

1 day ago

This website uses cookies.