Banking Malware Spin-Off Targets Twitter, Facebook Accounts

A sophisticated strain of malware based on the Zeus trojan has been discovered monitoring and potentially taking over Facebook and Twitter accounts.

First reported by ZDNet, the Zeus offshoot has been repurposed with “new espionage capabilities” to both monitor and modify Facebook and Twitter posts, as well as to eavesdrop on emails. The strain was discovered by researchers at Romanian cybersecurity firm Bitdefender, who confirmed that its capabilities go beyond its primary intended purpose of stealing financial credentials and extend to snooping on the online activity and lives of its victims.

Beyond hijacking a victim’s social media accounts and stealing data, the malware also targets popular email service providers before spreading beyond the victim’s computer. Curiously, the malware has been coded not to gather any data from VK, Russia’s largest social media platform, lending credence to the theory that the malware’s operators could be located in Russia or Eastern Europe.

Bitdefender’s senior e-Threat analyst Bogdan Botezatu said:

Social media accounts can also be used as a propagation mechanism once the malware is instructed to post links to downloadable copies of the malware. Additionally, the malware can also steal account login information and cookies, so its operators can hijack the social network account and re-sell access to it, for instance.

Like other effective malware campaigns, the strain begins its attack via phishing emails containing a rigged button purporting to be a PDF file. When clicked, the ‘PDF’ document instead executes JavaScript code that downloads the malware. Once installed, the malware injects itself into the browser processes to read traffic and deliver code. It is also capable of using injected spyware to siphon data and upload it to command and control servers.
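The lure described above, a script dressed up as a PDF, is one a mail gateway can catch before anyone clicks. The following is an added defender-side example, not code from the article or from Bitdefender: it triages an attachment by comparing the name it claims against the bytes it actually carries. The magic numbers are public file-format facts; the script-extension list, the script-text markers and the sample attachments are constructed for illustration.

```python
"""
Attachment triage for the "PDF that is really a script" lure.

Added example, not from the article or from Bitdefender. The sample
attachments at the bottom are constructed; the magic numbers are the
documented leading bytes of each format.
"""
from dataclasses import dataclass, field

# Leading bytes of the document types a phishing lure usually imitates.
MAGIC = {
    ".pdf": b"%PDF-",
    ".doc": b"\xD0\xCF\x11\xE0",   # OLE2 compound document
    ".docx": b"PK\x03\x04",        # OOXML is a ZIP container
}

# Extensions that a Windows double-click hands to a script host (constructed list).
SCRIPT_EXTS = {".js", ".jse", ".vbs", ".vbe", ".wsf", ".hta", ".ps1"}

# Constructed markers: text an attachment body would start with if it is script source.
SCRIPT_MARKERS = (b"var ", b"function ", b"eval(", b"new ActiveXObject",
                  b"Set ", b"CreateObject(", b"WScript.")


@dataclass
class Finding:
    filename: str
    reasons: list = field(default_factory=list)

    @property
    def suspicious(self) -> bool:
        return bool(self.reasons)


def looks_like_script(head: bytes) -> bool:
    """Heuristic: the body opens with a common JavaScript/VBScript construct."""
    return head.lstrip().startswith(SCRIPT_MARKERS)


def inspect_attachment(filename: str, data: bytes) -> Finding:
    """List every reason the attachment looks like a script disguised as a document."""
    finding = Finding(filename)
    parts = filename.lower().split(".")
    exts = ["." + p for p in parts[1:]]          # e.g. 'bill.pdf.js' -> ['.pdf', '.js']
    final_ext = exts[-1] if exts else ""

    # 1. The extension that will actually be executed is a script type.
    if final_ext in SCRIPT_EXTS:
        finding.reasons.append(f"executable script extension {final_ext}")

    # 2. Double extension: a document name immediately followed by a script extension.
    if len(exts) >= 2 and exts[-2] in MAGIC and final_ext in SCRIPT_EXTS:
        finding.reasons.append("document extension followed by script extension")

    # 3. Claimed document type whose bytes do not match the format's magic number.
    if final_ext in MAGIC and not data.startswith(MAGIC[final_ext]):
        finding.reasons.append(f"{final_ext} extension but content is not {final_ext[1:].upper()}")

    # 4. Body is script text regardless of what the name claims.
    if final_ext not in SCRIPT_EXTS and looks_like_script(data[:512]):
        finding.reasons.append("body begins with script source")

    return finding


def scan_attachments(attachments: dict) -> dict:
    """Map filename -> reasons for every attachment that trips at least one check."""
    results = {}
    for name, data in attachments.items():
        finding = inspect_attachment(name, data)
        if finding.suspicious:
            results[name] = finding.reasons
    return results


# Constructed sample attachments: one genuine PDF header, two disguised scripts.
SAMPLES = {
    "statement.pdf": b"%PDF-1.4\n1 0 obj\n<< /Type /Catalog >>\nendobj\n",
    "statement.pdf.js": b"var s = 'constructed sample';\n",
    "invoice.pdf": b"function f() { return 'constructed sample'; }\n",
}

if __name__ == "__main__":
    for name, reasons in scan_attachments(SAMPLES).items():
        print(f"{name}: {'; '.join(reasons)}")
```

Only the attachment whose name and bytes both say PDF passes; the other two are flagged on independent grounds (extension, double extension, magic mismatch, script text), which is the point of layering checks rather than trusting any one of them.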

“The malware’s distribution is far from an epidemic, but what caught our attention is the sophistication of the payload and the malware’s capability to run undetected on already infected computers,” Botezatu added.

Image credit: Flickr.