
“Hybrid” Zberp Trojan combines features from two existing threats

New Trojan targets users at as many as 450 banks across the world.

By CBR Staff Writer

A new ‘hybrid’ trojan that combines features of two past threats could have affected customers of several hundred financial institutions worldwide, researchers have claimed.

Anti-cybercrime tech developer Trusteer, part of IBM, found that the Zberp Trojan has been targeting more than 450 financial institutions around the world, mainly in the US, UK and Australia.

The new Trojan allows attackers to collect the computer name, IP address and other basic information about the infected system. It can take screenshots and steal data submitted in HTTP forms, user SSL certificates, and FTP and POP account credentials, the researchers said.

The malware’s invisible persistence feature helps it evade the routine system scans that take place when the system boots.

The malware is suspected to have been developed using the leaked source code of two earlier pieces of malware, the Zeus Trojan (Zbot) and the Carberp Trojan.

Discovered in 2007, Zbot was developed to attack computers running Windows and steal system information, online credentials and banking details. It can also be customized through its configuration files to retrieve other information.

The Trojan is reported to have been used to hack into the systems of Bank of America, Oracle, Amazon and NASA, among others.

Carberp, which came to prominence in 2010, is considered to be one of the worst threats to customer data ever detected. Its encryption layer bypasses anti-virus scanners, making it difficult to detect.

The Zeus source code was leaked in 2011, and the Carberp source code was offered for sale in 2013.

Trusteer researchers Martin Korman and Tal Darsan told Security Intelligence, "Since the source code of the Carberp Trojan was leaked to the public, we had a theory that it won’t take cyber criminals too long to combine the Carberp source code with the Zeus code and create an evil monster.

"It was only a theory, but a few weeks ago we found samples of the ‘Andromeda’ botnet that were downloading the hybrid beast."
