Zberp - new online banking malware in town

Tuesday 27 May 2014 08:39 CET | News

Trusteer, a provider of endpoint cybercrime prevention solutions, has warned financial institutions about the existence of a new computer Trojan, dubbed Zberp, which is similar to Zeus and Carberp malware programs.

The new threat can gather information about infected computers including their IP addresses and names, take screen shots and upload them to a remote server, steal FTP and POP3 credentials, SSL certificates and information inputted into web forms, hijack browsing sessions and insert rogue content into opened websites and initiate rogue remote desktop connections using the VNC and RDP protocols.

The Trusteer researchers consider Zberp a variant of ZeusVM, a recent modification of the widely used Zeus Trojan program whose source code was leaked on underground forums in 2011. ZeusVM stands out from other Zeus-based malware through its authors’ use of steganography to hide configuration data inside images.

The Zberp authors use the same technique, which is meant to evade detection by anti-malware programs, to send configuration updates embedded in an image that depicts the Apple logo. However, the new threat also uses hooking techniques to control the browser that seem to have been borrowed from Carberp, another Trojan program designed for online banking fraud whose source was leaked in 2013.

Free Headlines in your E-mail

Every day we send out a free e-mail with the most important headlines of the last 24 hours.

Subscribe now

Keywords: online banking, online fraud, online security, malware, US, Zberp, Zeus
Categories: Fraud & Financial Crime
Countries: World
This article is part of category

Fraud & Financial Crime

Industry Events