Ukrainian software company compromised to spread Zeus banking trojan

News by Robert Abel

Cyber-criminals launched a cyber-attack using the official website of a Ukraine-based accounting software developer to distribute a new variant of Zeus over a Ukrainian holiday.


Cisco Talos researchers observed the Crystal Finance Millennium (CFM) company website distributing malware that was retrieved by malware downloaders attached to messages in a spam campaign running concurrently with the site compromise, according to a 4 January blog post.

The attack occurred in August 2017, and Ukrainian authorities and businesses were alerted to it by a local security firm, ISSP. Researchers noted that the attacker didn't compromise the software firm's update servers and did not have the level of access noted in the previous Nyetya compromise and MeDoc attacks.

The malicious emails carried a ZIP archive containing a JavaScript file that, when opened, executes and causes the system to retrieve the malware payload and run it, infecting the system with a variant of the Zeus banking trojan.
