November 17, 2017

Banking Malware Spin-Off Targets Twitter, Facebook Accounts

A sophisticated strain of malware based on the Zeus trojan has been discovered monitoring and potentially taking over Facebook and Twitter accounts.

First reported by ZDNet, the Zeus offshoot has been repurposed with “new espionage capabilities” to both monitor and modify Facebook and Twitter posts, as well as to eavesdrop on emails. The strain was discovered by researchers at Romanian cybersecurity firm Bitdefender, who confirmed that its capabilities go beyond its primary intended purpose of stealing financial credentials and extend to snooping on the online activity and lives of its victims.

Besides exploiting a victim’s social media account, the malware targets popular email service providers and steals data before spreading beyond the victim’s computer. Curiously, the malware has been coded not to gather any data from VK, Russia’s largest social media platform, lending credence to the theory that the malware’s operators could be located in Russia or Eastern Europe.

Bitdefender’s senior e-Threat analyst Bogdan Botezatu said:

“Social media accounts can be also used as a propagation mechanism once the malware is instructed to post links to downloadable copies of the malware. Additionally, the malware can also steal account login information and cookies, so its operators can hijack the social network account and re-sell access to it, for instance.”

Like other effective malware campaigns, the strain begins its attack with phishing emails containing a rigged button purporting to be a PDF file. When clicked, the ‘PDF’ document instead executes JavaScript code that downloads the malware. Once installed, the malware injects itself into the browser processes to read traffic and deliver code. It is also capable of using injected spyware to siphon data and upload it to command-and-control servers.

“The malware’s distribution is far from an epidemic, but what caught our attention is the sophistication of the payload and the malware’s capability to run undetected on already infected computers,” Botezatu added.


About the author

LIFARS is the global leader in Digital Forensics and Cyber Resiliency Services. Our experience spans two decades working on high profile events, often in concert with Law Enforcement Agencies around the world. Our proprietary methodology derives directly and indirectly from our experience working with and for U.S. Intelligence Agencies, Interpol, Europol, and NATO. We are solely dedicated to Cyber Resiliency and thus pay close attention to all aspects of our clients’ engagement experience while providing a strategic and integrated array of services to minimize risk and disruption while protecting your brand.
