The new Zeus version injects rogue debit card-related offers into popular websites A new variant of the Zeus trojan tricks users into exposing their debit card details by displaying rogue offers when they visit Facebook, Gmail, Yahoo and Hotmail, according to researchers from security firm Trusteer.“We’ve recently discovered a series of attacks being carried out by a P2P [peer-to-peer] variant of the Zeus platform against some of the Internet’s leading online services and websites,” Trusteer CTO Amit Klein said in a blog post Tuesday. “The attacks are targeting users of Facebook, Google Mail, Hotmail and Yahoo — offering rebates and new security measures.”Like most financial malware, Zeus has the ability to inject malicious content into browsing sessions. This functionality is commonly used to display rogue Web forms when users visit online banking websites. SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe In a similar fashion, the new Zeus variant analyzed by Trusteer exploits the trust relationship between users and well-known service providers to achieve its goals, Klein said. When victims visit Facebook, the malware displays a fake offer for getting 20 percent cash back when buying Facebook Credits with a MasterCard or Visa debit card. The users are asked to link their cards with their Facebook accounts, a process that involves exposing their card’s details.On Gmail and Yahoo, the malware offers free enrollment into a new secure payment processing system allegedly supported by 3,000 online shops and developed in partnership with Visa and MasterCard. On Hotmail, the malware preys on fears of credit card fraud by offering users to sign up for a free debit card protection service similar to 3D Secure, that requires a password to authorize online transactions in addition to the card’s security code.“This attack is a clever example of how fraudsters are using trusted brands — social network/email service providers and debit card providers — to get victims to put down their guard and surrender their debit card information,” Klein said. “These webinjects are well-crafted both from a visual and content perspective, making it difficult to identify them as a fraud.” Related content feature 10 digital transformation questions every CIO must answer Impactful DX requires a business-centric approach supported by the right skills, culture, and strategy. Here’s how to assess whether your digital journey is on the path to success. By Mary K. Pratt Sep 25, 2023 12 mins Digital Transformation Digital Transformation Digital Transformation feature Rockwell Automation makes shift to ‘as-a-service’ model Facing increasing competition from cloud hypervisors that see manufacturing as prime for disruption, the industrial automation giant has undertaken a major transformation to add subscription software services to its core business. By Paula Rooney Sep 25, 2023 6 mins Manufacturing Industry Digital Transformation IT Strategy brandpost Fireside Chat between Tata Communications and Tata Realty: 5 ways how Technology bridges the CX perception gap By Tata Communications Sep 24, 2023 9 mins Emerging Technology feature Mastercard preps for the post-quantum cybersecurity threat A cryptographically relevant quantum computer will put everyday online transactions at risk. Mastercard is preparing for such an eventuality — today. By Poornima Apte Sep 22, 2023 6 mins CIO 100 Quantum Computing Data and Information Security Podcasts Videos Resources Events SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe