(Threatpost) No one can say that hackers don’t have a sense of irony.
In search of money mules, attackers behind a variant of the Zeus Trojan have configured the malware to activate when users visit careerbuilder[.]com with code that redirects victims to an advertisement for a mule-recruitment website.
Researchers at Trusteer spotted the scheme in a recent Zeus configuration file and determined the man-in-the-browser attack was trying to redirect visitors to marketandtarget[.]com, which has since gone dark. The rogue site promised hot jobs and had a splashy layout that also included some spotty grammar and punctuation. It also referenced Premier Marketing & Targeting, another scam site, according to Trusteer fraud prevention solutions manager Etay Maor.
Maor said this is the first use of HTML injection he’s seen that adds a link to another part of the fraudulent process rather than attempting to steal data or credentials. Zeus is banking malware that uses HTML injection targeting a particular online banking application. When the user logs in to their account, the malware will hijack the session and steal credentials, payment card information or other sensitive personal data…read full article