Zeus Variant Tries To Hire Victims As ‘Mules’

Zeus malware - Shutterstock: © dpaint

A new version of the Zeus banking Trojan attempts to hire its victims to help move money to offshore accounts

A group of criminals using the popular Zeus banking Trojan have started advertising for accomplices, displaying ads for job scams whenever the victim visits a popular job site, financial security firm Trusteer said on 13 June.

Typically, victims whose computers are infected with Zeus have to worry about their bank accounts being drained. Yet if a victim visits the popular job site CareerBuilder.com, some variants of Zeus will also display an advertisement for a job with a fraudulent company, Trusteer stated in a blog post.

Cash transfer

In reality, the job is to help criminals transfer stolen cash to another country or cash out goods bought with stolen funds – in other words, a “money mule”. Finding people to help – usually unwittingly – is an ongoing challenge for criminals, but a critical need.

Without money mules, cyber-criminals would have a very hard time moving stolen money, Etay Maor, fraud prevention solution manager with Trusteer, told eWEEK.

Arrest cyber crime security - Shutterstock - © Evlakhov Valeriy“Money mules are always a scarce resource and whenever criminals do recruit them, they keep a pretty good eye on them,” he said. “At the end of the day, you really can’t cash out unless you have a mule.”

When cyber-criminals compromise a consumer’s computer and access his or her bank account, they need somewhere to transfer the money. Most often, they transfer it to the accounts of one or more money mules, who then transfer it to an offshore account.

When law enforcement track down the money mules, the criminals have typically already broken contact with them and so cannot be tracked.

While some people become money mules knowingly, most are people looking for work or hoping for easy money. Advertisements for “mystery shoppers”, “work-at-home accountants” or “financial managers” are typical ways that criminals lure people looking for an easy paycheck.

While consumers are wary of email advertisements for such positions, an advertisement on a job site will generally appear much more reliable. Without money mules, the transfer of the funds stolen through the takeover of bank accounts and other types of fraud would not be possible.

Botnets

US citizens reported nearly 290,000 cases of fraud in 2012, costing them more than $525 million (£334m), according to the Internet Crime Complaint Centre (IC3), which processes fraud claims for the US Department of Justice.

The Citadel botnets – recently taken down in a worldwide seizure led by Microsoft – are responsible for more than $500 million in bank fraud in the past two years, according to financial firms.

Yet, as more consumers hear of the fraudulent scams, criminals are having a harder time finding money mules. To recruit more mules, novel techniques will be required, Maor said.

“By using CareerBuilder as a platform, the Zeus operators maximise their outreach to potential mule targets,” Trusteer stated in its blog post. “Because this redirection occurs when the victim is actively pursuing a job, in this case with CareerBuilder.com, the victim is more likely to believe the redirection is to a legitimate job opportunity.”

Are you a security pro? Try our quiz!

Originally published on eWeek.