Warnings have been made of a new version of the Bugat financial malware.
Trusteer claimed that it was used in the recent LinkedIn phishing attack and unlike Zeus, which many assumed to be the payload of the emails, it is less well known and harder to detect.
In the attack, LinkedIn users received emails reminding them of pending messages in their account that contained a malicious URL. When a victim clicked on the link they were directed to a fraudulent website where a Java applet fetched and installed the Bugat executable.
The company claimed that the emergence of this new version of Bugat is similar in functionality to the Zeus, Clampi and Gozi Trojans and it targets Internet Explorer and Firefox browsers and harvests information during online banking sessions. The stolen financial credentials are then used to commit fraudulent Automated Clearing House (ACH) and wire transfer transactions, mostly against small to mid-sized businesses, which result in high-value losses.
Detection showed that Bugat is three times more common in the US than Europe, but its distribution is still fairly low.
Mickey Boodaei, CEO of Trusteer, said: “Criminals are stepping up their malware distribution efforts by continuously updating configurations of well known malware like Zeus, and using new versions of less common Trojans like Bugat, to avoid detection.
“We are in an arms race with criminals. Although Zeus gets a lot of attention from law enforcement, banks and the security industry, we need to be vigilant against new forms of financial malware like Bugat and SpyEye which are just as deadly and quietly expanding their footprint across the internet.”