BUCHAREST, ROMANIA – January 11th, 2018 – The ZeuS Banking Trojan is making a dynamic return. The 2011 malware is back, and more sophisticated than ever before, using improved deployment and anti-tracking techniques. The ZeuS Banking Trojan was recently launched as part of a massive attack initiated by a Ukrainian finance company by the name of Crystal Finance Millennium, which used multiple servers from PJSC Ukrtelecom, a company operating under the auspices of the Ministry of Transportation and Communications in Ukraine, to target unsuspecting users.
CyberByte’s cybersecurity team studied the attack, and found that it affected “more than 12 million beacons from more than 3000 unique IP addresses” and “used by sinkhole server designed to C&C ZeuS.” The attack method was similar to that of the summer-of-2017 NotPetya attack, with the key difference being that, this time, the targeted servers were not abused at all. The method employed involved using the Crystal Finance Millennium as a malware distributor, which disseminated the ZeuS Banking Trojan as an attachment in spam email campaigns.
“Cyber criminals are now taking advantage of the already established relationships of trust between companies and clients, to spread their malware, in a more efficient manner. The newest version of the ZeuS malware is part of the version 184.108.40.206 of the same trojan, but enhanced with improved evasion techniques,” said Mr. Popescu Calin, CyberByte CEO.
“Our top analyst reversed ZeuS Banking Trojan’s binary code, and concluded that, the ZeuS trojan has the capacity to go silent, in the event it detects that it has infected a virtual test environment, instead of an actual system. This particular feature makes it difficult to study, identify or track, but we, at CyberByte, have managed to successful incorporate the detection of the new ZeuS variant fingerprint in our antivirus software.”
As for what users must do, in order to be protected against the ZeuS Banking Trojan, CyberByte’s cybersecurity analyst advised that “Everyone should keep their devices up to date, their data backup as often as possible and always have on their devices only the top antivirus software installed.”
The CyberByte Antivirus is available for Mac and Windows. A free version with limited features is also available for download, while the software’s premium version is available at an extremely affordable rate.
To learn more about CyberByte, please visit: https://cyberbyte.org