The new threat can gather information about infected computers including their IP addresses and names, take screen shots and upload them to a remote server, steal FTP and POP3 credentials, SSL certificates and information inputted into web forms, hijack browsing sessions and insert rogue content into opened websites and initiate rogue remote desktop connections using the VNC and RDP protocols.
The Trusteer researchers consider Zberp a variant of ZeusVM, a recent modification of the widely used Zeus Trojan program whose source code was leaked on underground forums in 2011. ZeusVM stands out from other Zeus-based malware through its authors’ use of steganography to hide configuration data inside images.
The Zberp authors use the same technique, which is meant to evade detection by anti-malware programs, to send configuration updates embedded in an image that depicts the Apple logo. However, the new threat also uses hooking techniques to control the browser that seem to have been borrowed from Carberp, another Trojan program designed for online banking fraud whose source was leaked in 2013.
Every day we send out a free e-mail with the most important headlines of the last 24 hours.
Subscribe now