Another variant is designed to steal Bitcoin wallets

Mar 20, 2014 10:49 GMT

ZeuS, the notorious banking malware, continues to evolve. One new version spotted by experts appears to engage in pay-per-click activities to generate income for its masters.

According to Trend Micro researchers, the TROJ_ZCLICK.A variant of ZeuS is designed to display arbitrary websites on infected computers. The sites are opened full screen, so the user cannot interact with other windows or files while they are displayed.

A new site is opened every time the victim performs an activity such as opening a window or a file. If the user does nothing while these sites are displayed, the malware takes control of the mouse, moving the cursor and scrolling the page on its own.

Victims can return to the desktop by pressing Windows key + D, but the sites keep running in the background, and further windows pop up as soon as the user performs other activities.

Interestingly, unlike other ZeuS versions, this one is not designed to steal sensitive information from infected machines. It only loads these clickbot routines.

“In this light, it’s only logical to assume that the main motivation for this variant is to generate income via the pay-per-click model,” Mark Joseph Manahan, a threat response engineer at Trend Micro, explained in a blog post.

“This malware proves that cybercriminals are continuously tweaking familiar or known malware to deliver new payloads, all in the name of generating income from victimizing users,” the expert added.

This isn’t the only interesting ZeuS variant uncovered this week. Researchers from F-Secure have also spotted a new variant of the notorious threat. While their analysis isn’t complete, it appears that a new version of Gameover ZeuS contains routines for stealing Bitcoin wallets from infected PCs.

Gameover is the peer-to-peer version of ZeuS. Around three weeks ago, experts reported a variant of the malware bundled with a kernel-mode rootkit apparently borrowed from the Necurs malware family. The rootkit makes Gameover harder to remove from both disk and memory.

The ZeuS/ZBOT family comprises a number of malware variants, some of which are designed to download ransomware or other threats onto infected computers.

As for Bitcoin stealers, they are becoming increasingly popular, which isn’t surprising given how much a single Bitcoin is worth these days. In fact, they have become so popular that some are built specifically to target Mac OS X users.

One example is OSX/CoinThief, which has been distributed via a number of high-profile websites, including Download.com, GitHub and MacUpdate.