• Home
  • Cyber Crime
  • Cyber warfare
  • APT
  • Data Breach
  • Deep Web
  • Digital ID
  • Hacking
  • Hacktivism
  • Intelligence
  • Internet of Things
  • Laws and regulations
  • Malware
  • Mobile
  • Reports
  • Security
  • Social Networks
  • Terrorism
  • ICS-SCADA
  • POLICIES
  • Contact me
MUST READ

Salt Typhoon breach: Chinese APT compromises U.S. Army National Guard network

 | 

Former US Army member confesses to Telecom hack and extortion conspiracy

 | 

CVE-2025-6554 marks the fifth actively exploited Chrome Zero-Day patched by Google in 2025

 | 

DDoS peaks hit new highs: Cloudflare mitigated massive 7.3 Tbps assault

 | 

U.S. CISA adds Wing FTP Server flaw to its Known Exploited Vulnerabilities catalog

 | 

Android Malware Konfety evolves with ZIP manipulation and dynamic loading

 | 

Belk hit by May cyberattack: DragonForce stole 150GB of data

 | 

North Korea-linked actors spread XORIndex malware via 67 malicious npm packages

 | 

FBI seized multiple piracy sites distributing pirated video games

 | 

An attacker using a $500 radio setup could potentially trigger train brake failures or derailments from a distance

 | 

Interlock ransomware group deploys new PHP-based RAT via FileFix

 | 

Global Louis Vuitton data breach impacts UK, South Korea, and Turkey

 | 

Experts uncover critical flaws in Kigen eSIM technology affecting billions

 | 

Spain awarded €12.3 million in contracts to Huawei

 | 

Patch immediately: CVE-2025-25257 PoC enables remote code execution on Fortinet FortiWeb

 | 

Wing FTP Server flaw actively exploited shortly after technical details were made public

 | 

SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 53

 | 

Security Affairs newsletter Round 532 by Pierluigi Paganini – INTERNATIONAL EDITION

 | 

McDonald’s job app exposes data of 64 Million applicants

 | 

Athlete or Hacker? Russian basketball player accused in U.S. ransomware case

 | 
  • Home
  • Cyber Crime
  • Cyber warfare
  • APT
  • Data Breach
  • Deep Web
  • Digital ID
  • Hacking
  • Hacktivism
  • Intelligence
  • Internet of Things
  • Laws and regulations
  • Malware
  • Mobile
  • Reports
  • Security
  • Social Networks
  • Terrorism
  • ICS-SCADA
  • POLICIES
  • Contact me
  • Home
  • Cyber Crime
  • Malware
  • News Zeus shows significant a evolution in the criminal ecosystem

News Zeus shows significant a evolution in the criminal ecosystem

Pierluigi Paganini January 30, 2015

Researchers at SentinelOne have discovered a strain of the Zeus malware that includes a very sophisticated control panel and evasion techniques.

Malware researchers at SentinelOne  have spotted a new Zeus variant that was used to target major Canadian banks, including the National Bank of Canada, the Bank of Montreal and the Royal Bank of Canada.

The researcher Anton Ziukin explained that also this variant of Zeus relies on Web injection mechanisms to create pages used by threat actors to steal victim’s banking credentials and other personal information that could be offered for sale in the underground market. In the specific case, the malware displays victims a phishing page that reproduces the login form for their online banking services.

“This attack continues a growing trend in banking malware that goes beyond simply targeting the victim’s login credentials (i.e. their username and password) and injects pages to steal a wealth of personal information including answers to security questions, debit and credit card numbers, social security number, driver license number and more. While some of this information can be used to commit online banking fraud, the other personal data can be used for different crimes including healthcare fraud, opening credit accounts in victim’s names, etc. It could even be used in spear phishing attacks to target individuals within enterprises and government agencies in order to breach secure networks.” Ziukin reports in a blog post.

The phishing page proposed by the new Zeus variant also instructed victims to provide their personal data, including ATM PIN, and credit/debit card details, social insurance number and date of birth.

new Zeus variant

This new strain of Zeus malware is not detected by several antivirus, besides it also bypasses SSL browser security because the malicious code is installed on the endpoint and relies on Man-In-The-Browser technique to direct inject its web content in the victim’s browser.

“Since the malware is installed on the endpoint device it can inject fake webpages into the browser without breaking the SSL connection to the bank’s server and generating a security alert. Predictive execution technology that monitors activity on the endpoint device is the only way to detect and block these attacks, and protect personal information from getting into the hands of criminals.” continues the post.

The experts accessed the control panel of the new Zeus botnet noting its high level of sophistication. The control panel includes detailed information on each of the compromised bank accounts, in fact it reports balance, login status, and Web browser used by the victim.

new Zeus variant 2

The panel also includes a “Drop” form used to customize the attacks, for example, cyber criminals can specify the destination bank account to transfer stolen funds and the percentage to release the money Mule before transferring the balance to the attacker.

“This glimpse into the criminal underground demonstrates the sophistication of the tools being used by criminal gangs to conduct banking and other forms of online fraud. Building, executing and monetizing advanced attacks is easier and more affordable than ever before,” SentinelOne’s Anton Ziukin said in a blog post.

It is even more simple for cyber criminals to arrange scams and conduct illegal activities thanks the offer in the cyber criminal ecosystem, for example recently researchers at IBM Trusteer discovered a new toolkit dubbed KL-Remote that allows criminals to run Remote Overlay Attacks without specific skills.

Stay Tuned …

[adrotate banner=”9″] [adrotate banner=”12″]

Pierluigi Paganini

(Security Affairs – online banking, Zeus)

[adrotate banner=”5″]

[adrotate banner=”13″]

 


facebook linkedin twitter

banking Canada Cybercrime malware online-banking SentinelOne underground Zeus

you might also like

Pierluigi Paganini July 16, 2025
Former US Army member confesses to Telecom hack and extortion conspiracy
Read more
Pierluigi Paganini July 15, 2025
Android Malware Konfety evolves with ZIP manipulation and dynamic loading
Read more

leave a comment

newsletter

Subscribe to my email list and stay
up-to-date!

    recent articles

    Salt Typhoon breach: Chinese APT compromises U.S. Army National Guard network

    Intelligence / July 16, 2025

    Former US Army member confesses to Telecom hack and extortion conspiracy

    Cyber Crime / July 16, 2025

    CVE-2025-6554 marks the fifth actively exploited Chrome Zero-Day patched by Google in 2025

    Hacking / July 16, 2025

    DDoS peaks hit new highs: Cloudflare mitigated massive 7.3 Tbps assault

    Security / July 16, 2025

    U.S. CISA adds Wing FTP Server flaw to its Known Exploited Vulnerabilities catalog

    Hacking / July 16, 2025

    To contact me write an email to:

    Pierluigi Paganini :
    pierluigi.paganini@securityaffairs.co

    LEARN MORE

    QUICK LINKS

    • Home
    • Cyber Crime
    • Cyber warfare
    • APT
    • Data Breach
    • Deep Web
    • Digital ID
    • Hacking
    • Hacktivism
    • Intelligence
    • Internet of Things
    • Laws and regulations
    • Malware
    • Mobile
    • Reports
    • Security
    • Social Networks
    • Terrorism
    • ICS-SCADA
    • POLICIES
    • Contact me

    Copyright@securityaffairs 2024

    We use cookies on our website to give you the most relevant experience by remembering your preferences and repeat visits. By clicking “Accept All”, you consent to the use of ALL the cookies. However, you may visit "Cookie Settings" to provide a controlled consent.
    Cookie SettingsAccept All
    Manage consent

    Privacy Overview

    This website uses cookies to improve your experience while you navigate through the website. Out of these cookies, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities...
    Necessary
    Always Enabled
    Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
    Non-necessary
    Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.
    SAVE & ACCEPT