New trojan makes you think Facebook and Google want your bank details

email article email article print article print article tip @techmeme

Ever tried to log into your Facebook or Google account, only to be asked to enter your credit card details? Of course the two most popular websites in the world would be a prime target for anyone looking to plant some malware, but according to a new study, it’s getting more difficult to detect the threats.

The latest report from cybercrime security company ThreatMetrix describes how a new version of the Zeus Trojan is targeting Facebook and Gmail log in pages in order to trick their users into submitting their credit and bank account details.

Users log into their Gmail or Facebook accounts via a page that looks “normal”, but instead of continuing to their newsfeed or inbox, they’re confronted with a new page. These pages look like legitimate versions of the standard Facebook and Google pages, and include the type of accreditation badges you’d expect on an ecommerce site, like one from antivirus provider Norton, but they are actually designed to steal banking details.

“The latest Zeus variant catches victims off-guard by waiting to attack until after a website’s login page appears to be functioning normally,” explains ThreatMetrix’s Andreas Baumhof. “After the victim logs in, the Zeus Trojan attempts to steal confidential information.” The new variant of the trojan also encrypts its configuration file, making it difficult to detect automatically.

Zeus trojan facebook

Some of the scams offer (relatively) believable reasons as to why they are requesting your account details, like suggesting that entering your information will allow you to purchase Facebook credits or easily make payments on online stores using your Google account.

Facebook and Google aren’t the only sites which have been affected by the new variant of the trojan: financial institutions from the US to Australia have also become targets, as have online retailers. Some banks in Italy have been affected by a script which adjusts clients’ bank balances so they’re not aware their money has been stolen. Online stores have been compromised too, again by a window which looks genuine. For example, during the final stages of a purchase, after the customer has entered their payment details, a popup will appear asking them to verify their card number. If they enter it again, they’re submitting their details to cybercriminals, not the store.

“What puts social media websites, financial institutions, online retailers, and payment processers at such high risk with this particular variant of the Zeus trojan is that all of the fraudulent pages and windows described in the report appear legitimate to most users,” said Baumhof. “Pages include the branding and messaging typical to each of the industries the cybercriminals are targeting. They are even personalised with the victim’s name.”

email article email article print article print article

Related articles

Topics for this article

[ advertising enquiries ]

Share
  • BURN MEDIA TV

    WATCH THE LATEST EPISODE NOW
    Latest Episode
    Unboxing the Acer Chromebook C720P

MORE HEADLINES

news

VIEW MORE

interviews

VIEW MORE

future trends

VIEW MORE

entrepreneurship

VIEW MORE

social media

VIEW MORE

facebook

VIEW MORE

twitter

VIEW MORE

google

VIEW MORE

advertising & marketing

VIEW MORE

online media

VIEW MORE

design

VIEW MORE

mobile

VIEW MORE

More in Ecommerce, News

Brouhaha as blogger takes on SA's internet radio numbers [updated]

Read More »