Zeus Malware Grabs Your Money via Facebook, Gmail

A new variant of the notorious Zeus malware is targeting Facebook and Gmail. The fresh scam asks unwary users to “link” their credit card information with either Facebook or Google and transform these accounts into digital wallets.

Whenever the user tries to bring up Facebook or Gmail from an infected PC, they are presented with the genuine service login page, but, in the background, Zeus injects its code in the login form to also request credit card information.

The attack is extremely convincing as the browser shows the URL of the real login service. It also offers a good explanation as to why the user is asked to enter credit-card info: Facebook users are told they can directly buy Facebook credits after they link the credit-card to the account, while Gmail users are told they can use Gmail as a “digital wallet” and pay by simply entering their e-mail address.

“Pages include the branding and messaging typical to each of the industries the cybercriminals are targeting. They are even personalized with the victim`s name,” said Andreas Baumhof, the CTO of ThreatMetrix, a company specialized in fraud prevention. “To protect users and customers, all of these industries must realize how sophisticated today`s cybercriminals are and take proper steps to prevent these attacks.”

Just like any strain of Zeus, the malware can manipulate the way the bank reports account balances so victims are unaware that money has been moved out of the account.