Zeus variant tricks Facebook, webmail users into exposing card details

The new Zeus version injects rogue debit card-related offers into popular websites

A new variant of the Zeus trojan tricks users into exposing their debit card details by displaying rogue offers when they visit Facebook, Gmail, Yahoo and Hotmail, according to researchers from security firm Trusteer.

"We've recently discovered a series of attacks being carried out by a P2P [peer-to-peer] variant of the Zeus platform against some of the Internet's leading online services and websites," Trusteer CTO Amit Klein said in a blog post Tuesday. "The attacks are targeting users of Facebook, Google Mail, Hotmail and Yahoo -- offering rebates and new security measures."

Like most financial malware, Zeus has the ability to inject malicious content into browsing sessions. This functionality is commonly used to display rogue Web forms when users visit online banking websites.

In a similar fashion, the new Zeus variant analyzed by Trusteer exploits the trust relationship between users and well-known service providers to achieve its goals, Klein said.

When victims visit Facebook, the malware displays a fake offer for getting 20 percent cash back when buying Facebook Credits with a MasterCard or Visa debit card. The users are asked to link their cards with their Facebook accounts, a process that involves exposing their card's details.

On Gmail and Yahoo, the malware offers free enrollment into a new secure payment processing system allegedly supported by 3,000 online shops and developed in partnership with Visa and MasterCard.

On Hotmail, the malware preys on fears of credit card fraud by offering users to sign up for a free debit card protection service similar to 3D Secure, that requires a password to authorize online transactions in addition to the card's security code.

"This attack is a clever example of how fraudsters are using trusted brands -- social network/email service providers and debit card providers -- to get victims to put down their guard and surrender their debit card information," Klein said. "These webinjects are well-crafted both from a visual and content perspective, making it difficult to identify them as a fraud."

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Lucian Constantin

IDG News Service

Comments

Comments are now closed.

Latest News Articles

Most Popular Articles

Follow Us

GGG Evaluation Team

Kathy Cassidy

STYLISTIC Q702

First impression on unpacking the Q702 test unit was the solid feel and clean, minimalist styling.

Anthony Grifoni

STYLISTIC Q572

For work use, Microsoft Word and Excel programs pre-installed on the device are adequate for preparing short documents.

Steph Mundell

LIFEBOOK UH574

The Fujitsu LifeBook UH574 allowed for great mobility without being obnoxiously heavy or clunky. Its twelve hours of battery life did not disappoint.

Andrew Mitsi

STYLISTIC Q702

The screen was particularly good. It is bright and visible from most angles, however heat is an issue, particularly around the Windows button on the front, and on the back where the battery housing is located.

Simon Harriott

STYLISTIC Q702

My first impression after unboxing the Q702 is that it is a nice looking unit. Styling is somewhat minimalist but very effective. The tablet part, once detached, has a nice weight, and no buttons or switches are located in awkward or intrusive positions.

Resources

Best Deals on GoodGearGuide

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?