GreatestArcadeHits.* serves up more than entertainment, in fact they don’t serve up entertainment at all. Hidden in the application is the infamous ZEUS/ZBOT, a banking trojan that has the capacity to spoof online banking sites to steal credentials in order to drain the victim’s finances. This comes in the form of a purported Chrome (c) update.
As can be seen from the URL, I was attempting to access my student portal for school when I was redirected automatically. Now we’ll take a deeper look at the HTML underlying ‘Superfish.’
‘luckyleap‘ serves the popup while Superfish handles the redirect.
Here GreatArcadeHits is found installed without permission, likely from being injected into trusted software. The initial software download that installed GreatestArcadeHits was from download.cnet.com, a trusted site.
It is unclear who is behind this specific resurgence of the Superfish Zeus/Zbot although Malloy Labs has its suspicions.
“We believe at Malloy Labs that the suspects involved are using legacy code for a reason, they themselves lack the proper tools to develop this type of software so they do what most cyber criminals do and mix and match code with a little HTML injection thrown in to display the infector site. My only hope is that this is not the same group behind the Zeus/Zbot on Facebook which Eric Feinberg, Frank Angiolelli and myself had found, because the block list would only grow exponentially. #MalwareMustDie!” said Ian Malloy.
Ian Malloy Intelligence Analyst and member of US-CERT and CSFI-CWD. CEO of Malloy Labs, studying CYOPS at Utica College.
(Security Affairs – Zeus, banking)
Google addressed a Chrome's Password Manager bug that caused user credentials to disappear temporarily for…
The Internet Systems Consortium (ISC) released BIND security updates that fixed several remotely exploitable DoS…
Terrorist groups are increasingly using cyberspace and digital communication channels to plan and execute attacks.…
Progress Software addressed a critical remote code execution vulnerability, tracked as CVE-2024-6327, in the Telerik Report…
A critical flaw in some versions of Docker Engine can be exploited to bypass authorization…
The CVE-2024-21412 flaw in the Microsoft Defender SmartScreen has been exploited to deliver information stealers…
This website uses cookies.