Zeus Variant Takes Aim at POS Data

Exterminator

Thread author
A new variant of the Zeus banking trojan has emerged, dubbed Neutrino, which is custom-made to collect credit card information from point-of-sale systems, among other things.

“From time to time authors of effective and long-lived trojans and viruses create new modifications and forks of them, like any other software authors,” said Sergey Yunakovsky, a Kaspersky Lab researcher, in a posting. “One of the brightest examples amongst them is Zeus, which continues to spawn new modifications of itself each year. In a strange way this malware becomes similar to his prototype from Greek mythology.”

Neutrino first takes a long “sleep” before it starts, to avoid AV sandboxes, and then connects to a C&C server. It can download and start files; take screenshots; search processes by name; change registry branches; search files by name on the infected host and send them to the C&C; and run proxy commands.

To steal payment card information, it searches the memory pages of the process, and collects information for strings “Track1” and “Track2”, which mark fields contained in the tracks of the magnetic card stripe.

Kaspersky found that the largest areas of infection are Russia and Kazakhstan—and nearly 10% of infected computers belong to small business corporate customers.

“Despite belonging to an old, well-known and researched family, [Zeus variants] continue to bring various surprises to malware analysts and researchers in the form of atypical functionality or application,” said Yunakovsky. “We can see the same situation with Mirai forks, for example, which generate an enormous count across all platforms and in different species.”

He added, “Generally speaking, all publications of malware source code with good architecture and various functionality will cause interest and attention from malware authors, who will try to use it for nearly all possible ways of illegal money gain. We can assume that right now there may already be new modifications of Neutrino with functionality for crypto-currency mining.”
 