14 DAY TRIAL // According to reports from the cyber criminal underground, the latest version of the SpyEye trojan comes with form grabbing support for Google Chrome and Opera, two browsers largely untouched by malware so far.
Brian Krebs has published a screenshot taken from the trojan's latest "builder" version and it has checkboxes for the anti-Rapport and Firefox webinjects plugins, as well as for Opera and Chrome form grabbers.
These two new components are aimed at stealing information typed into web forms and while this is not as advanced as injecting code into displayed web pages, it represents a serious attack against users who believe that using alternative browsers keeps them safe.
It's not yet entirely clear how these new form grabbers work, whether the malware hooks into the browsers' DLLs or is using extensions.
The hooking approach seems more likely because the APIs available to Chrome and Opera extensions are limited. In addition, only version 11 of Opera supports extensions.
The SpyEye developer, known in cyber criminal circles as Gribodemon or Harderman, has recently taken his business deeper into the underground due to increasing media attention for his crimeware toolkit.
Similar attention from law enforcement agencies, security researchers and news outlets, has driven the author of the infamous ZeuS banking trojan into an early retirement.
Slavik, aka monstr, quit the mainstream malware development scene last year and gave the ZeuS code base to Gribodemon. The SpyEye developer began merging the best ZeuS features with his own trojan in order to obtain the best cyber fraud tool on the market.
Recent ZeuS-inspired developments in SpyEye include the addition of a man-in-the-mobile (MitMo) component aimed at stealing mobile transaction authorization numbers (mTANs) from online banking users.
Users are advised to always follow best practices when using the Internet, such as keeping their software up to date, not accepting unrequested downloads, not opening unsolicited email attachments, etc., even if using more obscure programs.