Beware pretty pictures….
A new version of the notorious Zeus banking Trojan has been discovered by research firm Malwarebytes. The malware works by embedding money stealing code inside desirable images, such as classic scenery or sunsets, that victims are tempted to download. The malware then goes to work when the user logs on to the website of one of the targeted banks, stealing the users banking credentials and possibly emptying their online account. Dozens of well-known banks have been targeted including Lloyds, Barclays and Santander as well as Wells Fargo and Deutsche Bank abroad.
Malwarebytes senior security researcher Jerome Segura said: “It appears the intended targets were primarily Europeans due to the larger number of banks from the EU in the configuration file” He added: “Hiding malevolent code in such a way can successfully bypass signature-based intrusion detection systems or even anti-virus software. It’s a reminder that a file should not be considered safe simply because it appears to be a legitimate picture, song or movie.”
And that last point is the most important, as we are constantly saying, one of the best ways to protect your online security is to think twice before opening unknown emails or files – only open trusted files, “delete” is often the best policy if you are unsure.