Hackers are spreading the Chthonic banking trojan via legitimate-looking PayPal emails, security outfit Proofpoint has warned. The emails are 'authentic' and don't trigger antivirus warnings because they come via PayPal from accounts that appear to be legitimate.
"The sender does not appear to be faked. Instead the spam is generated by registering with PayPal and then using the portal to request money," said Proofpoint in a security advisory. The attackers take advantage of a feature that allows users to include notes when sending money request messages. One sample picked up by Proofpoint showed that Gmail failed to block the email since it appeared to be legitimate.Read more
Researchers have come across a new banking Trojan that appears to borrow code from the notorious Zeus. Dubbed Panda Banker, the threat was discovered in February by Fox IT and later analyzed in detail by experts at Proofpoint.
According to Proofpoint, cybercriminals have used both spear-phishing emails and exploit kits to deliver the Trojan. In one spear-phishing campaign observed on March 10, attackers sent an email containing a malicious document to people working in mass media and manufacturing organizations. When recipients opened the document, Panda Banker was downloaded from a remote server.Read more
Researchers have uncovered a new variant of the infamous Zeus Trojan. It’s called Chthonic, a reference to spirits and deities from the underworld in Greek mythology, and it’s targeting 150 banks and 20 payment systems in 15 countries.
Zeus, as its name suggests, is the king of banking malware. It first emerged in 2007 and has been wreaking havoc on online bank accounts ever since. In 2011, its developers threw in the towel and posted its source code for all to see. It may seem as though this would be the end for Zeus, but, in fact, the opposite is true.Read more