Zeus Banking Trojan Uses Steganography To Hide Crucial Data In A Photo



Zeus is known for being one of the most effective tools for stealing a person’s banking information, as it hacks login details and even masks secret transactions taking place in the background. Zeus VM is the newest variant; it downloads a user’s configuration file that contains the domains of the bank. The malware is then instructed to intervene during the transaction.

This was first noticed by a French researcher who writes under the name Xylitol. Jerome Segura, security researcher for Malwarebytes, wrote, “The malware was retrieving a JPG image hosted on the same server as were other malware components.”

Steganography has been used by malicious code writers for quite some time and is nothing new. The embedded code in the file format looks legitimate and is sometimes overlooked by security software. Most webmasters would assume an image that can simply be viewed is harmless. In bitmap mode the suspect image appears to be much larger, and the malicious data that has been added is encrypted using Base64 encoding and the RC4 and XOR encryption algorithms.
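A defensive check for the technique described above, added here as an example and not taken from the original article or from Malwarebytes: it walks the JPEG segment structure to find the real end-of-image marker, then reports any bytes that follow it and whether they decode as Base64. It assumes the added data sits after the end of the image, which the article does not state; the function names and the sample bytes are constructed for illustration.

```python
import base64, binascii, math
from collections import Counter

def jpeg_end(data: bytes) -> int:
    """Offset just past the real EOI marker, found by walking segments."""
    if data[:2] != b"\xff\xd8":
        raise ValueError("no SOI marker: not a JPEG")
    i = 2
    while i + 1 < len(data):
        if data[i] != 0xFF:
            raise ValueError(f"expected a marker at offset {i}")
        marker = data[i + 1]
        if marker == 0xFF:                        # fill byte before a marker
            i += 1
            continue
        i += 2
        if marker == 0xD9:                        # EOI
            return i
        if marker == 0x01 or 0xD0 <= marker <= 0xD7:
            continue                              # standalone markers carry no length
        i += int.from_bytes(data[i:i + 2], "big") # length counts its own 2 bytes
        if marker == 0xDA:                        # SOS: skip entropy-coded scan data
            while i + 1 < len(data) and not (
                    data[i] == 0xFF and data[i + 1] != 0 and not 0xD0 <= data[i + 1] <= 0xD7):
                i += 1
    raise ValueError("no EOI marker found")

def entropy(b: bytes) -> float:  # Shannon entropy, bits per byte (8.0 = uniform)
    return -sum(c / len(b) * math.log2(c / len(b)) for c in Counter(b).values()) if b else 0.0

def inspect_trailer(data: bytes) -> dict:
    end = jpeg_end(data)
    report = {"image_bytes": end, "trailing_bytes": len(data) - end,
              "base64": False, "decoded_entropy": None}
    try:
        decoded = base64.b64decode(data[end:].strip(), validate=True)
    except (binascii.Error, ValueError):
        decoded = b""
    if decoded:                                   # trailer is well-formed Base64
        report.update(base64=True, decoded_entropy=round(entropy(decoded), 2))
    return report

# Constructed sample: marker-valid, not a decodable picture; APP1 holds a decoy FFD9.
SAMPLE_JPEG = (b"\xff\xd8" b"\xff\xe0\x00\x07JFIF\x00"
               b"\xff\xe1\x00\x06\xff\xd9\x00\x00"
               b"\xff\xda\x00\x04\x01\x00" b"\x12\xff\x00\x34" b"\xff\xd9")
SAMPLE_TRAILER = base64.b64encode(bytes(range(256)))  # constructed stand-in for encrypted data

if __name__ == "__main__":
    print(inspect_trailer(SAMPLE_JPEG + SAMPLE_TRAILER))
```

A non-zero `trailing_bytes` on an image that still renders normally is the signal to follow up on; a Base64 trailer that decodes to near-8.0 entropy is consistent with encrypted content but is not proof of it.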

Even Wells Fargo data has been shown to be captured by this malware.