430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|Apple Fixes WebKit Flaws in iOS and macOS, With Help From AI Tools|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|Apple Fixes WebKit Flaws in iOS and macOS, With Help From AI Tools|
Advertisement

Ad Placeholder

Full Width × 90

Cyber Crime

GreatestArcadeHits serves ZEUS ZBOT banking trojan

Intelligence Ian Malloy has discovered an hidden variant of the popular Zeus banking trojan in the GreatestArcadeHits servers. GreatestArcadeHits.* serves up more than entertainment, in fact they don’t serve up entertainment at all.  Hidden in the application is the infamous ZEUS/ZBOT, a banking trojan that has the capacity to spoof online banking sites to steal […]

GreatestArcadeHits serves ZEUS ZBOT banking trojan

Intelligence Ian Malloy has discovered an hidden variant of the popular Zeus banking trojan in the GreatestArcadeHits servers.

GreatestArcadeHits.* serves up more than entertainment, in fact they don’t serve up entertainment at all.  Hidden in the application is the infamous ZEUS/ZBOT, a banking trojan that has the capacity to spoof online banking sites to steal credentials in order to drain the victim’s finances.  This comes in the form of a purported Chrome (c) update.

 GreatestArcadeHits server host malware Zeus


 As can be seen from the URL, I was attempting to access my student portal for school when I was redirected automatically.  Now we’ll take a deeper look at the HTML underlying ‘Superfish.’

 GreatestArcadeHits server host malware Zeus 2


luckyleap‘ serves the popup while Superfish handles the redirect.

 GreatestArcadeHits server host malware Zeus 3


Here GreatArcadeHits is found installed without permission, likely from being injected into trusted software.  The initial software download that installed GreatestArcadeHits was from download.cnet.com, a trusted site.

It is unclear who is behind this specific resurgence of the Superfish Zeus/Zbot although Malloy Labs has its suspicions.

“We believe at Malloy Labs that the suspects involved are using legacy code for a reason, they themselves lack the proper tools to develop this type of software so they do what most cyber criminals do and mix and match code with a little HTML injection thrown in to display the infector site.  My only hope is that this is not the same group behind the Zeus/Zbot on Facebook which Eric Feinberg, Frank Angiolelli and myself had found, because the block list would only grow exponentially.   #MalwareMustDie!” said Ian Malloy.

Ian Malloy Intelligence Analyst and member of US-CERT and CSFI-CWD.  CEO of Malloy Labs, studying CYOPS at Utica College.

(Security Affairs – Zeus, banking)