LONDON: The newest version of Zeus has just hit the scenes, and now it’s after user’s webcam, so says fresh research from the boys down at Kaspersky Lab.
The malware, known as, Cthonic weasels its way onto machine running Windows XP, 7, and 8.1, and hooks into software designed to handle the permissions for users webcam and microphone.
“The attachment contains a specially crafted RTF document, designed to exploit the CVE-2014-1761 vulnerability in Microsoft Office products,” Kaspersky Lab explains. Once downloaded and running, the malicious code, which contains an encrypted configuration file, injects itself into a msiexec process, and a number of malicious modules are unpacked and installed on the machines.”
For now it seems the hackers behind Cthnonic have been focusing on smaller, local banks in Russia, Japan, UK, Spain, and the US, though Italy and France also looked to be big targets for the financially motivated campaign.
“Chthonic is the next phase in the evolution of ZeuS. It uses Zeus AES encryption, a virtual machine similar to that used by ZeusVM and KINS, and the Andromeda downloader to target ever more financial institutions and innocent customers in ever more sophisticated ways,’ he added.
The malware has proven especially hard to detect and root out thanks to a new piece of code which reroutes detection methods, and injects a script that instead makes the whole operation appear like a glitch in the account statements of a single account.
This way, instead of alerting the cyber security team, a single banker will simply correct the error manually, and continue about their day as normal as if the system was never compromised in the first place.
“The discovery of Chthonic confirms that the ZeuS Trojan is still actively evolving,” said Yury Namestnikov, senior malware analyst at Kaspersky Lab and one of the researchers who investigated the threat. “Malware writers are making full use of the latest techniques, helped considerably by the leak of the ZeuS source code.”
Luckily, Kaspersky believes that many banks have inadvertently made themselves impervious to Cthonic by updating the way their employees open and read emails on the internal system, and creating a divide between those two parts of the whole.
By splitting up personal accounts from those used in a professional setting, both Italian and Russian bankers in particular have been able to avoid many of the problems and sinkholes that can usually catch them up at the wrong time.
