Just in time for the holidays - Zeus CNP botnet targets major retailers

The Trusteer research group recently discovered a Zeus botnet that is targeting credit card accounts of major retailers including Macy's and Nordstrom just as the holiday gift buying season is in full swing.

  0 Be the first to comment

External

This content is provided by an external author without editing by Finextra. It expresses the views and opinions of the author.

We captured and analyzed malware samples designed to steal credit card information, probably in order to conduct card-not-present (CNP) fraud. This attack is using a Zeus 2.1.0.8 botnet - the latest and most sophisticated version of the Zeus malware platform.

CNP fraud refers to transactions when a credit card is not physically present, as in an internet, mail or phone purchase. It is difficult for a merchant to verify that the actual cardholder is indeed authorizing the purchase. Because of the greater risk, card issuers tend to charge merchants higher fees for CNP transactions. To make matters worse, merchants are typically responsible for CNP fraud transactions. Therefore, CNP merchants must take extra precaution against fraud exposure and associated losses.

The attack we discovered uses social engineering to gather additional information beyond the credit card number that will make it easier for the criminal to bypass fraud detection measures used to investigate suspicious transactions. In this case, the social engineering method used is very credible since the victim has navigated to the card issuer's website - www.macys.com and www.nordstromcard.com - when Zeus injects a legitimate looking man-in-the-middle pop-up that requests personally identifiable information:

Sponsored [Webinar] PREDICT 2025: The Future of Faster Payments in the US

Related Company

Keywords

Comments: (0)

[Webinar] 2025 Fraud Trends: Synthetic Identity, AI and Incoming MandatesFinextra Promoted[Webinar] 2025 Fraud Trends: Synthetic Identity, AI and Incoming Mandates