Researchers at M86 Security said they uncovered a targeted attack against customers of a large UK-based financial institution that used a new version of the Zeus banking Trojan to compromise 3,000 accounts and steal more than $1 million.
The attack used a combination of Zeus v3 and the Eleanore and Phoenix exploit kits to target and infect the systems of customers of the global financial institution, according to M86 Security Inc., an Orange, Calif.-based provider of Web and email security. The websites used to host the attack were UK-specific, said Bradley Anstis, vice president of technical strategy at M86.
"The Trojan itself is benign until you visit the targeted financial institution, then it comes to life," he said. The malware then checks the account balance and, if it is more than $1,000 in U.S. dollars, triggers transactions in amounts ranging from $1,500 to $5,000.
Since July 5, the cybercriminals behind the attack have stolen 675,000 pounds ($1,077,000), according to M86, which said the attack continues.
The compromised accounts were a mix of commercial and consumer accounts, Anstis said. The command-and-control server for the attack was based in Eastern Europe.
The Zeus Trojan is known to target certain banks and regions, but the highly targeted nature of this attack -- against a single financial institution -- was unusual, as was its method of checking for a minimum balance, Anstis said.
The case is under investigation by law enforcement, he said.