Ever hear the saying, “A picture is worth a thousand words?” In this case, a picture may be worth a thousand dollars — $1,000 — stolen from your bank account.
ZeusVM, a new variant of the Zeus banking trojan, collects your banking login details and uses that legitimate login access to mask secret transfers of your money to cyber-criminals’ accounts, and it does all of this by hiding in digital photos.
This sneaky technique is called “steganography,” as reported by ComputerWorld AU:
Steganography has long been used by writers of malicious software. By embedding code in a file format that looks legitimate, there’s a chance the file will be given a green light by security software.
“From a webmaster point of view, images (especially ones that can be viewed) would appear harmless,” Segura wrote.
The Malwarebytes blog explains:
The Zeus/Zbot Trojan is one of the most notorious banking Trojans ever created; it’s so popular it gave birth to many offshoots and copycats.
The particularity of Zeus is that it acts as a “man-in-the-browser,” allowing cyber-crooks to collect personal information from its victims as well as to surreptitiously perform online transactions.
2 Ways to Take Out ZeusVM: First, The Hard Way
In the comments section of the Malwarebytes blog post, the post’s author offers one method to keep ZeusVM from accessing your login details:
Safe mode is a little deceiving as it wasn’t created to protect against threats but rather to be able to boot up Windows when there are some problems (typically with system drivers).
A better solution is to use a Linux Live CD which runs a clean operating system that is loaded on read-only media. It takes a minute or two to boot up but may be worth the peace of mind.
More info on live CDs here: https://help.ubuntu.com/community/LiveCD
If you’re not apt to run a Live CD every single time you need to log into your account(s), there is an easier, more proactive solution.
Now, The Easy Way to Stop ZeusVM
Raxco’s PerfectGuard multiple antilogger software works like a charm: download it, install it, and enable all protection modules with the click of a button to activate real-time protection and put a stop to the hidden threats your antivirus misses:
- Prevent keyloggers from recording what you type into your keyboard, like usernames and passwords (including pre-encryption SSL data you type into seemingly “secure” pages), social security numbers and private conversations.
- Block malware that captures screenshots from your monitor to protect your viewing privacy and critical information typed into virtual on-screen keyboards, including vulnerable data entered into seemingly secure web pages.
- Prevent webcam hijackers from recording what your webcam sees – whether it’s on or off – as some spies can watch you while your webcam indicator light is off.
- Block the recording of cut, copied and pasted items, like usernames and passwords stored in a file for critical financial or email accounts.