Malicious download request comes from GoZ-infected machines

Oct 14, 2014 00:17 GMT  ·  By

High-profile domains are in high demand for cybercriminals, who managed to compromise the media delivery subdomain of vogue.com and use it for delivering a variant of the Zemot malware downloader.

Zemot belongs to the Upatre family of malware droppers, which was observed being leveraged by the Asprox botnet in mid-September. It is used to funnel additional malicious software onto a compromised computer in order to carry out specific tasks required by threat actors.

According to ThreatTrack Security, the request for Zemot came to media.vogue[dot]com, from machines infected with the infamous Gameover Zeus (GOZ).

The researchers say that the sample of GOZ they detected is an updated variant that includes financial institution targets not reported in previous instances of the malware.

This would not be the first attempt to resurrect Gameover Zeus. In August, multiple security companies suggested that the cybercriminals behind the malware were getting ready to replace the botnet that was taken down back in June.

Zemot was not the only malware pushed through the vogue.com domain: there is evidence that the same location was used to deliver another threat called Pony, also known as Fareit. Pony has infostealing capabilities but can also be employed to load additional malicious code onto the infected machine.