Softpedia
 


July 15th, 2010, 08:14 GMT · By

Zbot Exploits MasterCard and Visa Anti-fraud Programs



Zbot targets Verified by Visa and MasterCard SecureCode programs
Security researchers warn that a new Zbot trojan variant attempts to trick users into exposing their card details by mimicking the enrollment forms for the Verified by Visa and MasterCard SecureCode security programs.

Verified by Visa and MasterCard SecureCode are anti-fraud services that prevent the abuse of stolen credit card details. They allow cardholders to generate a unique password, which is then required to successfully complete online credit card transactions.

Users who have not yet enrolled can be prompted to opt in and generate their unique secure codes while shopping on the websites of merchants participating in the programs. Unfortunately, this is exactly the type of behavior that the cyber crooks behind a new Zbot variant are trying to take advantage of.

Fake Verified by Visa and MasterCard SecureCode enrollment form
According to researchers from security vendor Trusteer, who analyzed this attack, the trojan injects a page masquerading as the official Verified by Visa and MasterCard SecureCode enrollment screens into the browser when the user initiates a secure transaction. This page asks for a wealth of information, including Social Security number, card number, card expiration date, CVV2 code, ATM PIN, and the secure password required by the programs to serve as additional verification.

Zbot, short for ZeuS Bot, is a banking trojan increasingly used by identity thieves to perform bank fraud worldwide. Variants of the malware can steal online banking credentials, insert rogue fields into Web forms, initiate automated clearing house (ACH) transfers without the knowledge of the account owner and even allow attackers to connect through the victim's IP address to bypass protection mechanisms.

“The information gathered by Zeus is used by fraudsters to commit ‘card not present’ transactions with retailers that employ Verified by Visa and SecureCode protection. This stolen data allows criminals to impersonate their victims and register with these programs to ensure fraudulent transactions elude fraud detection systems,” the Trusteer researchers explain.

Trusteer is a software company that markets secure browsing solutions to banks and other financial institutions. Its products, Rapport and Flashlight, allow businesses to protect the data submitted by customers to their online services via the Web, as well as investigate malware-related fraud incidents remotely.

You can follow the editor on Twitter @lconstantin
