Cisco, a company which manufactures and sells networking and high-technology products, is calling attention to a new malware software that seeks to gain access to your money. Talos, Cisco’s threat-intelligence team, says there is a new version of Zeus Panda malware threatening users.
According to a blog run by Talos, the Zeus Panda malware “poisons” Google search results to bring fake bank-related results to the top of a key word search. Unsuspecting users are mistakenly fooled into clicking on the malicious links.
Talos reports: Links returned by a Google search, however, are not guaranteed to be safe. In this situation, the threat actors decided to take advantage of this behavior by using Search Engine Optimization (SEO) to make their malicious links more prevalent in the search results, enabling them to target users with the Zeus Panda banking Trojan.
By poisoning the search results for specific banking related keywords, the attackers were able to effectively target specific users in a novel fashion.
The goal is to trick the user into going to the hacked site, then accessing a Microsoft Word document. Users are asked to click on prompts such as “enable editing,” “enable content” and “macros have been disabled,” thereby initiating a download, according to Talos.
By targeting financially-related keyword searches that lead to infections, the attacker can “quickly obtain credentials, banking and credit card information, etc.”
“[It’s] a clever way…to serve malicious files,” a spokesperson for the internet security firm Avast told Fox News. “Although it’s not completely new, it’s rarely seen as a mechanism of spreading malware such as banking Trojans.”
To avoid infection, consumers should be cautious about clicking links or enabling macros, according to cybersecurity experts, who further warn consumers against opening unknown attachments.
The malware appears to be targeting customers in Sweden, India, Australia and Saudi Arabia for now; however, it could easily spread to other countries, according to experts.