A new Trojan spreading primarily in Europe is attempting to steal sensitive information from financial institutions and their high-profile customers, including passwords and usernames.
The main targets have been reported to be four European banks with large customer bases in Italy, England, Germany and France, including CrÃ©dit Mutuel och Abbey National, according to Trend Micro.
“At this point, we do have the data that show that these banks are indeed being currently targeted,” said Trend Micro’s advanced threats researcher Ivan Macalintal. “We are including some names of the banks here to make people aware.“
The TSPY ZBOT. AZX was created by using the ZeuS toolkit, which was specifically developed to build malware. It makes it possible for cyber criminals to create their own versions of remote-controlled malware. The infected machine then becomes part of the ZeuS botnet, which has been estimated to include millions of computers worldwide.
At its most basic level, ZeuS has always been known for engaging in criminal activities, as it signals a new wave of online criminal business enterprises wherein different organizations can cooperate with one another to perpetrate online theft and fraud.
Domains used by TROJ_ZBOT.BYP can also be found on the same server in Serbia, according to Trend Micro. The IP address has earlier also been linked to part of FAKEAV-hosting domains and previous pharmacy spam campaigns.