A new variant of the notorious Zeus malware is targeting Facebook and Gmail. The fresh scam asks unwary users to â€œlinkâ€ their credit card information with either Facebook or Google and transform these accounts into digital wallets.
Whenever the user tries to bring up Facebook or Gmail from an infected PC, they are presented with the genuine service login page, but, in the background, Zeus injects its code in the login form to also request credit card information.
The attack is extremely convincing as the browser shows the URL of the real login service. It also offers a good explanation as to why the user is asked to enter credit-card info: Facebook users are told they can directly buy Facebook credits after they link the credit-card to the account, while Gmail users are told they can use Gmail as a â€œdigital walletâ€ and pay by simply entering their e-mail address.
â€œPages include the branding and messaging typical to each of the industries the cybercriminals are targeting. They are even personalized with the victimâ€™s name,â€ said Andreas Baumhof, the CTO of ThreatMetrix, a company specialized in fraud prevention. “To protect users and customers, all of these industries must realize how sophisticated todayâ€™s cybercriminals are and take proper steps to prevent these attacks.â€
Just like any strain of Zeus, the malware can manipulate the way the bank reports account balances so victims are unaware that money has been moved out of the account.